A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Pages’ field under the ‘Pages Content’ module.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25391
Reference (s):
- https://sourceforge.net/p/cszcms/tickets/1/