Cross-Site Scripting Vulnerability in WUZHI CMS by WUZHI
CVE-2019-9109

6.1MEDIUM

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 25 February 2019

What is CVE-2019-9109?

A cross-site scripting vulnerability exists in WUZHI CMS version 4.1.0 that allows attackers to inject malicious scripts through the username parameter in the message addition feature. By accessing the vulnerable URL, an attacker could potentially execute arbitrary scripts in the context of a user's session, leading to session hijacking or unauthorized actions. It is essential for users of WUZHI CMS to apply security patches or workarounds to mitigate this risk.

References

https://github.com/wuzhicms/wuzhicms/issues/172

x_refsource_MISC

https://gist.github.com/redeye5/57ccafea7263efec67c82b050...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 24, 2019

JSON

Wuzhicms

What is CVE-2019-9109?

References

CVSS V3.1

Timeline