PT-2023-16678 · Csz Cms · Csz Cms

Published

2023-08-18

Updated

2023-08-18

CVE-2023-1

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0

Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.

Recommendations: For CSZ CMS version 1.3.0, avoid using the Gallery parameter in the YouTube URL fields until a fix is available. Consider restricting access to the YouTube URL fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-1

Affected Products

Csz Cms

PT-2023-16678 · Csz Cms · Csz Cms

CVE-2023-1

Related Identifiers

Affected Products

References · 2