CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10391
https://notcve.org/view.php?id=CVE-2018-10391
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) mediante el parámetro email en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10367
https://notcve.org/view.php?id=CVE-2018-10367
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica content-management tiene Cross-Site Scrfipting (XSS) persistente mediante la sección title o content. • https://github.com/wuzhicms/wuzhicms/issues/135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10368
https://notcve.org/view.php?id=CVE-2018-10368
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica "Extension Module -> System Announcement" tiene Cross-Site Scripting (XSS) persistente mediante un anuncio. • https://github.com/wuzhicms/wuzhicms/issues/136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10311 – WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10311
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. Se ha descubierto una vulnerabilidad en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro tag[pinyin] en el URI /index.php? • https://www.exploit-db.com/exploits/44618 https://github.com/wuzhicms/wuzhicms/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10313 – WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10313
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. WUZHI CMS 4.1.0 permite Cross-Site Scripting (XSS) persistente mediante el parámetro form%5Bqq_10%5D en el URI /index.php?m=memberf=indexv=profileset_iframe=1. Wuzhi CMS version 4.1.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44617 https://github.com/wuzhicms/wuzhicms/issues/133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •