{"vulnerability": "CVE-2023-38910", "sightings": [{"uuid": "5707c34d-8ef8-4133-8363-980be5c9d407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38910", "type": "seen", "source": "https://t.me/cibsecurity/68843", "content": "\u203c CVE-2023-38910 \u203c\n\nCSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T22:38:26.000000Z"}]}