A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form%5Bqq_10%5D parameter post to the /index.php?m=member&f=index&v=profile&set_iframe=1
When the background administrator inquires about the personal information of this ordinary member, XSS triggers successfully.
poc:
A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the
form%5Bqq_10%5Dparameter post to the/index.php?m=member&f=index&v=profile&set_iframe=1When the background administrator inquires about the personal information of this ordinary member, XSS triggers successfully.
poc:
vulnerability trigger pointan administrator successfully triggers a member's personal informationThe text was updated successfully, but these errors were encountered: