CVE-2023-6303

Name of the Vulnerable Software and Affected Versions CSZCMS version 1.3.0

Description A problematic issue has been found, affecting the Site Settings Page component, specifically the /admin/settings/ part of the file. The manipulation of the Additional Meta Tag argument with the input <svg><animate onbegin=alert(1) attributeName=x dur=1s> leads to cross-site scripting. This issue can be initiated remotely. The exploit has been publicly disclosed.

Recommendations For CSZCMS version 1.3.0, as a temporary workaround, consider restricting access to the Site Settings Page component, specifically the /admin/settings/ endpoint, to minimize the risk of exploitation. Avoid using the Additional Meta Tag argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.