CVE-2018-10368
WUZHI CMS 4.1.0 contains a Stored XSS in the Extension Module -> System Announcement feature. An attacker can inject script via announcements, with network access and no user interaction required (per NVD metrics: I=Partial, C=None, A=None; CVSSv3: 4.8, MEDIUM). No exploitation details in the ...