A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Article’ field under the ‘Article’ plugin.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25392
Reference (s):
- https://sourceforge.net/p/cszcms/tickets/2/