CVE-2021-47738 - CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging

CVE ID : CVE-2021-47738 Published : Dec. 23, 2025, 8:15 p.m. | 32 minutes ago Description : CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor