Cross-Site Scripting in WUZHI CMS by WUZHI
CVE-2018-16350

6.1MEDIUM

Key Information:

Vendor: Wuzhi Cms Project
Status: Wuzhi Cms
Vendor: CVE Published:; 2 September 2018

🔔 Create Wuzhi Cms Project Vulnerability Alert

What is CVE-2018-16350?

WUZHI CMS 4.1.0 suffers from a Cross-Site Scripting (XSS) vulnerability through the 'index.php?m=core&f=set&v=basic' form[statcode] parameter. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and session integrity. It is essential for users to apply security measures and updates to mitigate these risks.

References

https://github.com/wuzhicms/wuzhicms/issues/148

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2018
Vulnerability Reserved
Sep 2, 2018