Lucene search
K

21 matches found

Vulnrichment
Vulnrichment
added 2025/10/21 12:0 a.m.4 views

CVE-2025-60500

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

6.5AI score0.00482EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/21 12:0 a.m.6 views

EUVD-2025-35195

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

7.2CVSS6.3AI score0.00482EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-15871

Malware in sbrugna...

5.4CVSS5.8AI score0.02094EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42671

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00468EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42670

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00436EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.5 views

CVE-2023-38911

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

5.4CVSS6.1AI score0.00468EPSS
Exploits4
0day.today
0day.today
added 2023/09/04 12:0 a.m.303 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Photo URL and YouTube URL) Vulnerability

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 ...

6.1CVSS7.1AI score0.00436EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.332 views

CSZ CMS 1.3.0 Cross Site Scripting

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

6.1CVSS7.1AI score0.00468EPSS
Exploits7
0day.today
0day.today
added 2023/09/04 12:0 a.m.194 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin Gallery) Vulnerability

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 is affected b...

5.4CVSS7.1AI score0.00468EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.398 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...

6.1CVSS6.4AI score0.00436EPSS
Exploits4
OSV
OSV
added 2023/08/18 7:15 p.m.3 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS5.9AI score0.00436EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2023/08/18 7:15 p.m.3 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS6.5AI score0.00436EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2023/08/18 7:15 p.m.6 views

CVE-2023-38911

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

5.4CVSS6.4AI score0.00468EPSS
Exploits4References4
NVD
NVD
added 2023/08/18 7:15 p.m.26 views

CVE-2023-38911

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

5.4CVSS5.3AI score0.00468EPSS
Exploits4References1
NVD
NVD
added 2023/08/18 7:15 p.m.33 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS6.1AI score0.00436EPSS
Exploits4References1
Prion
Prion
added 2023/08/18 7:15 p.m.9 views

Cross site scripting

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

5.8CVSS6AI score0.00436EPSS
Exploits4References1Affected Software1
Prion
Prion
added 2023/08/18 7:15 p.m.12 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

4.9CVSS5.4AI score0.00468EPSS
Exploits4References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/18 12:0 a.m.11 views

CVE-2023-38911

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

6AI score0.00468EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.1 views

PT-2023-26681 · Unknown +2 · Carousel Wiget +3

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing the carousel widget created above, in 'Photo URL' and 'YouTube...

6.1CVSS5.9AI score0.00436EPSS
Exploits4References5
Cvelist
Cvelist
added 2023/08/18 12:0 a.m.28 views

CVE-2023-38911

A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...

5.5AI score0.00468EPSS
Exploits4References1
Rows per page
Query Builder