Lucene search

CVE-2018-10311

🗓️ 24 Apr 2018 02:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

A vulnerability in WUZHI CMS 4.1.0 allows remote attackers to inject arbitrary web script or HTML

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
0day.today	WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting Vulnerability	13 May 201800:00	–	zdt
NVD	CVE-2018-10311	24 Apr 201802:29	–	nvd
Cvelist	CVE-2018-10311	24 Apr 201802:00	–	cvelist
exploitpack	WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting	13 May 201800:00	–	exploitpack
Exploit DB	WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting	13 May 201800:00	–	exploitdb
Prion	Cross site scripting	24 Apr 201802:29	–	prion
OSV	CVE-2018-10311	24 Apr 201802:29	–	osv
Packet Storm	Wuzhi CMS 4.1.0 Cross Site Scripting	13 May 201800:00	–	packetstorm

Nvd

Node

wuzhicms wuzhicmsMatch4.1.0

Source	Link
github	www.github.com/wuzhicms/wuzhicms/issues/131
exploit-db	www.exploit-db.com/exploits/44618/

Parameter	Position	Path	Description	CWE
tag[pinyin]	request body	/index.php?m=tags&f=index&v=add	Persistent XSS vulnerability allows injecting arbitrary web scripts or HTML via the tag[pinyin] parameter.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Apr 2018 02:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

CVSS36.1

EPSS0.00437

CWE-79