A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the email parameter post to the index.php?m=member&v=register
When the background administrator inquires about the personal information of this ordinary member, XSS triggers successfully.
POCvulnerability trigger pointan administrator successfully triggers a member's personal informationThe text was updated successfully, but these errors were encountered: