Description
An XSS vulnerability was discovered in WUZHI CMS 4.1.0.
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of /index.php?m=core&f=index&_su=wuzhicms.
POC
ji</textarea> <img/src=1 onerror=alert(document.cookie)>
Vulnerability trigger point
http://localhost/index.php?m=core&f=index&_su=wuzhicms. When an attacker accesses System settings - Basic settings and writes the PoC in the statcode form, the XSS vulnerability is triggered successfully.
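The PoC works by closing a `<textarea>` element early, which indicates that the submitted value is echoed into the form without HTML encoding. The following is an added example, not code from the report or from WUZHI CMS, showing that pattern beside an encoded version; the function names are hypothetical and the only input is the PoC string from the report.

```php
<?php
// Added example. Function names are hypothetical, not WUZHI CMS code.

// Unencoded pattern: the value is placed raw inside the <textarea> body,
// so a value containing "</textarea>" ends the element and whatever
// follows is parsed by the browser as live markup.
function render_statcode_raw(string $value): string
{
    return '<textarea name="statcode">' . $value . '</textarea>';
}

// Encoded pattern: HTML-encode the value for the element-content context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function render_statcode_encoded(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="statcode">' . $encoded . '</textarea>';
}

// Regression check: the rendered field must contain exactly one closing
// textarea tag and no raw tag opener supplied by the value.
function field_is_contained(string $html): bool
{
    return substr_count($html, '</textarea>') === 1
        && strpos($html, '<img') === false;
}

// PoC string from the report, used as the test input.
$poc = 'ji</textarea> <img/src=1 onerror=alert(document.cookie)>';

$raw     = render_statcode_raw($poc);
$encoded = render_statcode_encoded($poc);

echo "raw:     ", $raw, PHP_EOL;
echo "encoded: ", $encoded, PHP_EOL;

if (field_is_contained($raw)) {
    throw new RuntimeException('raw output unexpectedly contained the value');
}
if (!field_is_contained($encoded)) {
    throw new RuntimeException('encoded output let markup escape the field');
}
echo "check passed: encoded value stays inside the textarea", PHP_EOL;
```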

