Stored XSS Vulnerability in WUZHI CMS by WUZHI
CVE-2018-10368

4.8MEDIUM

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 25 April 2018

What is CVE-2018-10368?

A vulnerability exists in WUZHI CMS version 4.1.0 that allows for Stored Cross-Site Scripting (XSS) through the 'Extension Module -> System Announcement' feature. This security issue enables an attacker to inject malicious scripts into announcements, which can subsequently be executed by users who view those announcements. This could potentially lead to data theft, session hijacking, or damage to user trust.

References

https://github.com/wuzhicms/wuzhicms/issues/136

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2018
Vulnerability Reserved
Apr 25, 2018

Wuzhicms

What is CVE-2018-10368?

References

CVSS V3.1

Timeline