PT-2025-52837 · Csz Cms · Csz Cms
Published: 2025-12-23 · Updated: 2025-12-23
CVE-2021-47737
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CSZ CMS version 1.2.7
Description
An HTML injection issue exists in the member messaging system of CSZ CMS. The message title parameter is vulnerable: authenticated users can inject malicious hyperlinks into message titles by sending POST requests that contain HTML-based links, potentially enabling phishing or social engineering attacks.
Recommendations
Apply updates to address the HTML injection issue in message titles.
Exploit
Fix
XSS
Affected Products
Csz Cms