CVE-2025-13217

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CSZ CMS 跨站脚本漏洞

CSZ CMS is an open source PHP-based content management system CMS. A security vulnerability exists in CSZ CMS version 1.3.0, which stems from a vulnerability that allows an attacker to execute arbitrary code via the Gallery parameter in the YouTube URL field using a carefully crafted payload...