3 matches found
Cross site scripting
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...
CVE-2018-10311
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...
PT-2018-9818 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A persistent XSS issue allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the "/index.php?m=tags&f=index&v=add" API endpoint. Recommendations: For WUZHI CMS versi...