CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-17832 – WUZHICMS 2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-17832
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Existe Cross-Site Scripting (XSS) en WUZHI CMS 2.0 mediante los parámetros v o f en index.php. WUZHICMS version 2.0 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45514 https://cxsecurity.com/issue/WLB-2018050139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14512
https://notcve.org/view.php?id=CVE-2018-14512
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. • https://github.com/wuzhicms/wuzhicms/issues/143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14472
https://notcve.org/view.php?id=CVE-2018-14472
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. Se ha descubierto un problema en WUZHI CMS 4.1.0. El archivo vulnerable es coreframe/app/order/admin/goods.php. • https://github.com/wuzhicms/wuzhicms/issues/144 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11722
https://notcve.org/view.php?id=CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. WUZHI CMS 4.1.0 tiene una inyección SQL en api/uc.php mediante el parámetro "code" debido a que "UC_KEY" está embebido. • https://github.com/wuzhicms/wuzhicms/issues/141 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11549
https://notcve.org/view.php?id=CVE-2018-11549
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Scripting (XSS) persistente en "Account Settings -> Member Centre -> Chinese information -> Ordinary member" mediante un número QQ, tal y como queda demostrado con una subcadena form[qq_10]=. • https://github.com/wuzhicms/wuzhicms/issues/139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •