Desencrypt

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.3.0 **Description** A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to the `Social Settings` parameter. This enables attackers to potentially manipulate the website's behavior. **Recommendations** For CSZ CMS version 1.3.0, as a temporary workaround, consider restricting access to the `Social Settings` parameter until a patch is available. Avoid using the `Social Settings` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.3.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing the carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. This enables cross-site scripting (XSS) attacks. **Recommendations** For CSZ CMS version 1.3.0, as a temporary workaround, consider disabling the 'Carousel Wiget' section and the 'Photo URL' and 'YouTube URL' plugins until a patch is available. Restrict access to these plugins to minimize the risk of exploitation. Avoid using the 'Photo URL' and 'YouTube URL' fields in the 'Carousel Wiget' section until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.3.0 **Description** A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to the `Gallery` parameter in the YouTube URL fields. **Recommendations** For CSZ CMS version 1.3.0, consider disabling the `Gallery` parameter in the YouTube URL fields until a patch is available. Restrict access to the YouTube URL fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.