21 matches found
CVE-2025-60500
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...
EUVD-2025-35195
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...
EUVD-2017-15871
Malware in sbrugna...
EUVD-2023-42671
Malicious code in bioql PyPI...
EUVD-2023-42670
Malicious code in bioql PyPI...
CVE-2023-38911
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Photo URL and YouTube URL) Vulnerability
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 ...
CSZ CMS 1.3.0 Cross Site Scripting
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin Gallery) Vulnerability
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 is affected b...
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...
CVE-2023-38910
CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...
CVE-2023-38910
CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...
CVE-2023-38911
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
CVE-2023-38911
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
CVE-2023-38910
CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...
Cross site scripting
CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...
Cross site scripting
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
CVE-2023-38911
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...
PT-2023-26681 · Unknown +2 · Carousel Wiget +3
Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing the carousel widget created above, in 'Photo URL' and 'YouTube...
CVE-2023-38911
A Cross-Site Scripting XSS vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields...