CVE-2023-39599

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.3.0

Description A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. This enables attackers to potentially manipulate the website's behavior.

Recommendations For CSZ CMS version 1.3.0, as a temporary workaround, consider restricting access to the Social Settings parameter until a patch is available. Avoid using the Social Settings parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.