CVE-2021-47737

MEDIUM

Cszcms Csz Cms - XSS

Title source: rule

Description

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.

Exploits (1)

exploitdb WORKING POC

by Metin Yunus Kandemir · textwebappsphp

https://www.exploit-db.com/exploits/48357

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48357

[Product] https://www.cszcms.com/

[Product] https://sourceforge.net/projects/cszcms/

[Third Party Advisory] https://www.vulncheck.com/advisories/csz-cms-html-injection-vulnerability-via-member-dashboard

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

Cszcms/CSZ CMS 1.2.7

cszcms/csz_cms 1.2.7

Published Dec 23, 2025

Tracked Since Feb 18, 2026