← back
CVE-2021-47737mediumCWE-79

CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard

13Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackcvss 5.1epss 0.2%
exploitation probability
0.2%top 84% of all CVEs
observed exploitation
nono source reports it
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Cszcms · CSZ CMS