CVE-2023-6303 | CSZCMS 1.3.0 Site Settings Page /admin/settings/ Additional Meta Tag cross site scripting

A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input <svg><animate onbegin=alert(1) attributeName=x dur=1s> leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2023-6303. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6303 | CSZCMS 1.3.0 Site Settings Page /admin/settings/ Additional Meta Tag cross site scripting

Related Posts

CVE-2024-4306 | Ofofonobs HubBank 1.0.2 Document Field unrestricted upload

CVE-2024-1756 | WooCommerce Customers Manager Plugin up to 29.7 on WordPress Ajax Action cross-site request forgery

CVE-2024-25874 | Enhavo CMS 0.13.1 Article Module New/Edit Create Tag cross site scripting

CVE-2024-6496 | Light Poll Plugin up to 1.0.0 on WordPress cross-site request forgery