CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9107
https://notcve.org/view.php?id=CVE-2019-9107
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. Existe Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0 mediante index.php?m=attachmentf=imagecutv=initimgurl=[XSS] en coreframe/app/attachment/imagecut.php. • https://gist.github.com/redeye5/ccbbc43330cc9821062249b78c916317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9108
https://notcve.org/view.php?id=CVE-2019-9108
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. Existe Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0 mediante index.php?m=coref=mapv=baidumapx=[XSS]y=[XSS] en coreframe/app/core/map.php. • https://gist.github.com/redeye5/ebfef23f0a063b82779151f9cde8e480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9109
https://notcve.org/view.php?id=CVE-2019-9109
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. Existe Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0 mediante index.php?m=messagef=messagev=addusername=[XSS] en coreframe/app/message/message.php. • https://gist.github.com/redeye5/57ccafea7263efec67c82b0503c72480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9110
https://notcve.org/view.php?id=CVE-2019-9110
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. Existe Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0 mediante index.php?m=contentf=postinfov=listingset_iframe=[XSS] en coreframe/app/content/postinfo.php. • https://gist.github.com/redeye5/470708bd27ed115b29d0434255b9f7a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20572
https://notcve.org/view.php?id=CVE-2018-20572
28 Dec 2018 — WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. WUZHI CMS 4.1.0 permite la inyección SQL en coreframe/app/coupon/admin/copyfrom.php mediante el parámetro keywords en index.php?m=promotef=indexv=search. Esto está relacionado con CVE-2018-15893. • https://github.com/wuzhicms/wuzhicms/issues/166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18938
https://notcve.org/view.php?id=CVE-2018-18938
05 Nov 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente en index.php? • https://github.com/wuzhicms/wuzhicms/issues/158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18711
https://notcve.org/view.php?id=CVE-2018-18711
27 Oct 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad CSRF que puede cambiar la contraseña del superadministrador mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/156 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18712
https://notcve.org/view.php?id=CVE-2018-18712
27 Oct 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad CSRF que puede cambiar el nombre de usuario del superadministrador mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/156 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2018-17832 – WUZHICMS 2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-17832
01 Oct 2018 — XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Existe Cross-Site Scripting (XSS) en WUZHI CMS 2.0 mediante los parámetros v o f en index.php. WUZHICMS version 2.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/149607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14512
https://notcve.org/view.php?id=CVE-2018-14512
23 Jul 2018 — An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. • https://github.com/wuzhicms/wuzhicms/issues/143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •