CVE-2018-10311 – WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10311
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. Se ha descubierto una vulnerabilidad en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro tag[pinyin] en el URI /index.php? • https://www.exploit-db.com/exploits/44618 https://github.com/wuzhicms/wuzhicms/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-10248
https://notcve.org/view.php?id=CVE-2018-10248
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede eliminar cualquier artículo mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/130 • CWE-352: Cross-Site Request Forgery (CSRF) •