Every CVE whose affected-product data names Cszcms Csz Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2019-13086 — CVSS 9.8 (critical): core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header…
CVE-2019-15524 — CVSS 9.8 (critical): CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads…
CVE-2020-21250 — CVSS 9.8 (critical): CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
CVE-2024-25414 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a…
CVE-2021-37144 — CVSS 9.1 (critical): CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect…
CVE-2024-58307 — CVSS 8.8 (high): CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to…
CVE-2020-19786 — CVSS 8.8 (high): File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP…
CVE-2021-43701 — CVSS 6.5 (medium): CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the…
CVE-2025-29083 — CVSS 6.5 (medium): SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the…
CVE-2025-29084 — CVSS 6.5 (medium): SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the…
CVE-2024-27734 — CVSS 6.1 (medium): A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name…
CVE-2023-41601 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts…
CVE-2023-38910 — CVSS 6.1 (medium): CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2021-3224 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
CVE-2021-47737 — CVSS 5.4 (medium): CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles…
CVE-2021-47738 — CVSS 5.4 (medium): CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in…
CVE-2024-27752 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in…
CVE-2023-38911 — CVSS 5.4 (medium): A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery…
CVE-2023-39599 — CVSS 5.4 (medium): Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social…
CVE-2025-63608 — CVSS 5.4 (medium): A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field…
CVE-2020-25391 — CVSS 5.4 (medium): A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
CVE-2020-25392 — CVSS 5.4 (medium): A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
CVE-2021-26776 — CVSS 5.4 (medium): CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.