Vulnerability CVE-2023-38911


Published: 2023-08-18

Description:
A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.

See advisories in our WLB2 database:
Topic
Author
Date
Low
CSZ CMS 1.3.0 Cross Site Scripting
Daniel Gonzalez
04.09.2023

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/desencrypt/CVE/tree/main/CVE-2023-1
https://github.com/desencrypt/CVE/blob/main/CVE-2023-1/Readme.md

Copyright 2024, cxsecurity.com

 

Back to Top