WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-09135)

WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. A stored cross-site scripting vulnerability exists in index.php?m=core&f=index in WUZHI CMS 4.1.0, which can be exploited to inject arbitrary web script or HTML via the ontoggle attribute of...

CVE-2018-18938

CVE-2018-18938 affects WUZHI CMS 4.1.0. There is a stored XSS in the admin-facing page index.php?m=core&f=index, exploitable via an ontoggle attribute in the details/open/ section within a second input field. CVSS metrics in NVD indicate a base score of 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) under CVSS...

Stored Cross-Site Scripting Vulnerability at Custom Inputs in Thinksaas System

ThinkSAAS is a lightweight open source community system is a community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the system's custom input. The system uses a blacklisting mechanism to filter...