CVE-2021-47737

Description

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.

PUBLISHED Reserved 2025-12-23 | Published 2025-12-23 | Updated 2025-12-23 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Metin Yunus Kandemir finder

References

www.exploit-db.com/exploits/48357 (ExploitDB-48357) exploit

www.cszcms.com/ (Official CSZ CMS Vendor Homepage) product

sourceforge.net/projects/cszcms/ (CSZ CMS SourceForge Project) product

www.vulncheck.com/...tion-vulnerability-via-member-dashboard (VulnCheck Advisory: CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard) third-party-advisory

cve.org (CVE-2021-47737)

nvd.nist.gov (CVE-2021-47737)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.