CVE-2021-3224

Name of the Vulnerable Software and Affected Versions: cszcms version 1.2.9

Description: A stored cross-site scripting (XSS) issue exists in the /admin/pages/new "API Endpoint" via the content parameter. This allows for malicious script execution.

Recommendations: For cszcms version 1.2.9, as a temporary workaround, consider restricting access to the /admin/pages/new endpoint until a patch is available. Avoid using the content parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.