Description
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/al3zx/csz_cms_1_3_0_xss_in_install_page/blob/main/README.md
Product
https://www.cszcms.com/
Scores
CVSS v3
6.1
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
cszcms/csz_cms
1.3.0
Published
Sep 06, 2023
Tracked Since
Feb 18, 2026