Stored XSS Vulnerability in WUZHI CMS 4.1.0
CVE-2018-17425

5.4MEDIUM

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 7 March 2019

What is CVE-2018-17425?

WUZHI CMS version 4.1.0 contains a stored XSS vulnerability within the 'Membership Center'. This issue can be exploited via the 'I want to ask' feature, specifically through unvalidated input in the 'detailed description' field found under the index.php?m=member endpoint. Attackers may inject malicious scripts which can compromise user accounts and the overall security of the site.

References

https://github.com/wuzhicms/wuzhicms/issues/153

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2019
Vulnerability Reserved
Sep 23, 2018

Wuzhicms

What is CVE-2018-17425?

References

CVSS V3.1

Timeline