Cross-Site Scripting Vulnerability in WUZHI CMS by WUZHI Technology
CVE-2018-14513

6.1MEDIUM

Key Information:

Vendor: Wuzhi Cms Project
Status: Wuzhi Cms
Vendor: CVE Published:; 23 July 2018

🔔 Create Wuzhi Cms Project Vulnerability Alert

What is CVE-2018-14513?

A persistent Cross-Site Scripting (XSS) vulnerability exists in WUZHI CMS version 4.1.0. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. Exploiting this vulnerability can compromise the security of web applications, leading to unauthorized actions and data exposure.

References

https://github.com/wuzhicms/wuzhicms/issues/145

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2018
Vulnerability Reserved
Jul 22, 2018