YzmCMS WeChat Module Reflective Cross-Site Scripting Vulnerability

YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture. A reflective cross-site scripting vulnerability exists in the YzmCMS WeChat module. Attackers can exploit this vulnerability through the admin/module/init.html echostr parameter to conduct cross-site...

CVE-2018-10026

The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php...