feixuezhi changed the title from "There is a XSS vulnerability" to "wuzhicms v4.1.0 baidumap reflected xss vulnerability" on Jul 30, 2019
feixuezhi changed the title from "wuzhicms v4.1.0 baidumap reflected xss vulnerability" to "wuzhicms v4.1.0 reflected xss vulnerability" on Jul 30, 2019
feixuezhi changed the title from "wuzhicms v4.1.0 reflected xss vulnerability" to "wuzhicms v4.1.0 persistent xss vulnerability" on Jul 30, 2019
A persistent XSS vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML.
POC
"> <details/open
/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>
Vulnerability trigger point
http://localhost/index.php?m=core&f=index&_su=wuzhicms. When an attacker accesses system settings - mail server - mail server - mailbox username and writes the poc content, the XSS vulnerability is triggered successfully.
1. Choose this part and write the poc to [mailbox username]
2. Submit and view the webpage
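
Added example, not code from WUZHI CMS or from the report: the PoC starts with `">`, which suggests the saved mailbox username is written back into a quoted HTML attribute without encoding. The PHP below contrasts that pattern with attribute-context encoding at output time plus an allow-list check at save time; the function names and the `smtp_user` field name are assumptions, and the sample value is constructed from the shape of the PoC above.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the CMS's real template and field names are not shown in the report.

/** Vulnerable pattern: the stored value is concatenated into the attribute as-is. */
function render_field_unsafe(string $name, string $stored): string
{
    return '<input type="text" name="' . $name . '" value="' . $stored . '">';
}

/** Hardened pattern: encode for an HTML attribute context every time the value is output. */
function render_field_safe(string $name, string $stored): string
{
    $enc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    };
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($stored) . '">';
}

/** Defence in depth at save time: allow-list for a mailbox username (local part, optional domain). */
function is_valid_mailbox_username(string $v): bool
{
    return strlen($v) <= 254
        && preg_match('/\A[A-Za-z0-9._%+\-]+(@[A-Za-z0-9.\-]+)?\z/', $v) === 1;
}

/** True when the rendered markup contains a tag opened by the stored value. */
function value_escaped_attribute(string $html): bool
{
    return strpos($html, '<details') !== false;
}

// Constructed sample input with the same shape as the PoC in the report.
$stored = '"> <details/open/ontoggle=alert(2)>';

$unsafe = render_field_unsafe('smtp_user', $stored);
$safe   = render_field_safe('smtp_user', $stored);

echo "accepted by allow-list: ", var_export(is_valid_mailbox_username($stored), true), "\n";
echo "unsafe markup: ", $unsafe, "\n";
echo "  value broke out of attribute: ", var_export(value_escaped_attribute($unsafe), true), "\n";
echo "safe markup:   ", $safe, "\n";
echo "  value broke out of attribute: ", var_export(value_escaped_attribute($safe), true), "\n";
```

Encoding at output is the control that closes the stored XSS; the allow-list only reduces what can reach the database and should not be relied on alone.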