An XSS vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter in a POST request to /wuzhicms/www/index.php?m=core&f=set&v=sendmail&_su=wuzhicms&_menuid=24
When the administrator opens system settings - mail server, the XSS vulnerability is triggered successfully.
POC
xss payload: <details/open/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>
Vulnerability trigger point
When the administrator opens system settings - mail server, the XSS vulnerability is triggered.
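One way to close this kind of stored XSS on the server side, shown as an added example that is not WUZHI CMS code and not part of the original report. The function names, the table-cell template and the 64-character limit are assumptions, and the sample value is a constructed, shortened form of the payload above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical check run when the mail settings form is saved.
// Rejects control characters and markup delimiters; the 64-character
// limit is an assumption, not a WUZHI CMS setting.
function validate_nickname(string $nickname): bool
{
    return preg_match('/^[^\x00-\x1F<>"\'&]{1,64}$/u', $nickname) === 1;
}

// Before: the stored value is concatenated into the admin page as-is,
// so any markup saved in form[nickname] is parsed by the browser.
function render_unsafe(array $cfg): string
{
    return '<td class="nickname">' . $cfg['nickname'] . '</td>';
}

// After: the same cell with the value encoded at output time, so data
// already stored before the fix is rendered as inert text as well.
function render_safe(array $cfg): string
{
    return '<td class="nickname">' . e($cfg['nickname']) . '</td>';
}

// Constructed sample value (shortened form of the reported payload).
$cfg = ['nickname' => '<details/open/ontoggle=alert(2)>'];

// Input validation refuses the value at save time.
var_dump(validate_nickname($cfg['nickname']));

// Output encoding neutralises it at render time even if it was stored.
echo render_unsafe($cfg), PHP_EOL;
echo render_safe($cfg), PHP_EOL;
```

Output encoding is the control that matters here, because it also covers values stored before the validation was introduced; the save-time check is defence in depth.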