XSS Vulnerability in Wuzhi CMS Backend of Five Finger B2B System
CVE-2023-31860

5.4MEDIUM

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-31860?

The Wuzhi CMS version 3.1.2 contains a storage type cross-site scripting (XSS) vulnerability in the backend of the Five Finger CMS b2b system. This vulnerability allows an attacker to inject malicious scripts, which can be executed in the context of users viewing the targeted web page. Proper validation and sanitization of user inputs are crucial to mitigate the risk associated with this vulnerability. Users of this version are encouraged to apply necessary patches and follow security best practices to enhance their web application security.

References

https://github.com/wuzhicms/b2b/issues/3

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Apr 29, 2023

Wuzhicms

What is CVE-2023-31860?

References

CVSS V3.1

Timeline