CNNVD-202512-4111 Information

CNNVD ID

CNNVD-202512-4111

Related CVE

CVE-2021-47738

• CNNVD Published: 2025-12-23

Description (Chinese)

CSZ CMS是Cskaza Bassist个人开发者的一个开源网络应用程序，允许管理网站上的所有内容和设置。 CSZ CMS 1.2.7版本存在跨站脚本漏洞，该漏洞源于对用户代理标头输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

CSZ CMS is an open-source web application for Cskaza Bassist personal developers that allows for the management of all content and settings on the website. Version 1.2.7 of the CSZ CMS 1.2.7 has a cross-site script loophole, which results from insufficient validation of the user proxy entry, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-12-23

Last Modified

2026-02-24

References

https://sourceforge.net/projects/cszcms/ https://www.exploit-db.com/exploits/48354 https://www.cszcms.com/ https://www.vulncheck.com/advisories/csz-cms-persistent-cross-site-scripting-via-private-messaging https://access.redhat.com/security/cve/cve-2021-47738