EIP-2026-106261

This exploit demonstrates multiple XSS vulnerabilities in CSZ CMS 1.2.9, including reflected and stored XSS via crafted input fields in banner and plugin management. The PoC uses SVG onload events to trigger JavaScript execution.