Page 9 of 52 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-11528

https://notcve.org/view.php?id=CVE-2018-11528

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. WUZHI CMS 4.1.0 tiene una inyección SQL mediante un URI api/sms_check.php?param=. • https://github.com/wuzhicms/wuzhicms/issues/138 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-11493

https://notcve.org/view.php?id=CVE-2018-11493

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir un enlace de amistad mediante index.php? • https://github.com/wuzhicms/wuzhicms/issues/137 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10391

https://notcve.org/view.php?id=CVE-2018-10391

An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) mediante el parámetro email en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10367

https://notcve.org/view.php?id=CVE-2018-10367

An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica content-management tiene Cross-Site Scrfipting (XSS) persistente mediante la sección title o content. • https://github.com/wuzhicms/wuzhicms/issues/135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10368

https://notcve.org/view.php?id=CVE-2018-10368

An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. Se ha descubierto un problema en WUZHI CMS 4.1.0. La característica "Extension Module -> System Announcement" tiene Cross-Site Scripting (XSS) persistente mediante un anuncio. • https://github.com/wuzhicms/wuzhicms/issues/136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •