CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2018-10313 – WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10313
24 Apr 2018 — WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. WUZHI CMS 4.1.0 permite Cross-Site Scripting (XSS) persistente mediante el parámetro form%5Bqq_10%5D en el URI /index.php?m=memberf=indexv=profileset_iframe=1. Wuzhi CMS version 4.1.0 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/147597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-10312 – WUZHI CMS 4.1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-10312
24 Apr 2018 — index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. index.php?m=memberv=pw_reset en WUZHI CMS 4.1.0 permite Cross-Site Request Forgery (CSRF) para cambiar la contraseña de un miembro común. Wuzhi CMS version 4.1.0 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/147332 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10248
https://notcve.org/view.php?id=CVE-2018-10248
20 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede eliminar cualquier artículo mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/130 • CWE-352: Cross-Site Request Forgery (CSRF) •