Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote malicious user to execute arbitrary code via the Default Keyword field in the settings function.