CVE-2019-9107
CVE-2019-9107 describes a Cross-Site Scripting (XSS) vulnerability in WUZHI CMS 4.1.0. The issue is triggered via the imgurl parameter of the URL index.php?m=attachment&f=imagecut&v=init (to coreframe/app/attachment/imagecut.php), where unsanitized input can inject arbitrary Web scripts or HTML. ...