Cross Site Scripting Vulnerability in Wuzhicms by Wuzhicms

CVE-2025-25916

What is CVE-2025-25916?

The del function in the coreframe app of Wuzhicms v4.1.0 exposes users to Cross Site Scripting (XSS) risks, enabling malicious scripts to execute in users' browsers. This vulnerability could potentially allow attackers to hijack user sessions, redirect users to malicious sites, or perform actions on behalf of the user, compromising the integrity and confidentiality of sensitive data.

References