Stored XSS Vulnerability in WUZHI CMS by WUZHI
CVE-2018-18939

4.8MEDIUM

Key Information:

Vendor: Wuzhi Cms Project
Status: Wuzhi Cms
Vendor: CVE Published:; 5 November 2018

Summary

An issue was identified in WUZHI CMS version 4.1.0 that allows for stored Cross-Site Scripting (XSS) attacks through a vulnerable seventh input field in the index.php?m=core&f=index endpoint. This vulnerability could potentially enable the execution of arbitrary scripts in the context of the user’s session, jeopardizing user data and the integrity of the application.

References

https://github.com/wuzhicms/wuzhicms/issues/159

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 5, 2018
Vulnerability Reserved
Nov 5, 2018