CVE-2023-31860
https://notcve.org/view.php?id=CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. • https://github.com/wuzhicms/b2b/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-30123
https://notcve.org/view.php?id=CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. • https://github.com/wuzhicms/wuzhicms/issues/205#issue-1635153937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36168
https://notcve.org/view.php?id=CVE-2022-36168
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: Se ha detectado una vulnerabilidad de salto de directorio en Wuzhicms versión 4.1.0. por medio del archivo /coreframe/app/attachment/admin/index.php: • https://github.com/Cigar-Fasion/CVE/issues/1 https://github.com/wuzhicms/wuzhicms/issues/202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-19897
https://notcve.org/view.php?id=CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. Un ataque de tipo Cross Site Scripting (XSS) reflejado en wuzhicms versión v4.1.0, permite a atacantes remotos ejecutar un script web o HTML arbitrario por medio del parámetro imgurl • https://github.com/wuzhicms/wuzhicms/issues/183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-41654
https://notcve.org/view.php?id=CVE-2021-41654
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php Se presentan vulnerabilidades de inyección SQL en Wuzhicms versión v4.1.0, que permiten a atacantes ejecutar comandos SQL arbitrarios por medio del parámetro $keyValue en el archivo /coreframe/app/pay/admin/index.php • https://github.com/wuzhicms/wuzhicms/issues/198 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •