Wuzhicms
by WuzhiCMS
Source repositories
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9107 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | ||
| CVE-2018-16350 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2018 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | ||
| CVE-2018-16349 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2018 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | ||
| CVE-2018-14513 | Med | 0.40 | 6.1 | 0.01 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | ||
| CVE-2018-14512 | Med | 0.40 | 6.1 | 0.01 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings… | ||
| CVE-2018-10313 | Med | 0.38 | 5.4 | 0.02 | Apr 24, 2018 | WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | ||
| CVE-2025-25916 | Med | 0.35 | 5.4 | 0.00 | Feb 28, 2025 | wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | ||
| CVE-2023-30123 | Med | 0.35 | 5.4 | 0.00 | Apr 28, 2023 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | ||
| CVE-2020-19770 | Med | 0.35 | 5.4 | 0.00 | Dec 21, 2021 | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | ||
| CVE-2020-19553 | Med | 0.35 | 5.4 | 0.01 | Sep 21, 2021 | Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | ||
| CVE-2018-17426 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | ||
| CVE-2018-17425 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | ||
| CVE-2018-11549 | Med | 0.35 | 5.4 | 0.01 | May 29, 2018 | An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | ||
| CVE-2018-10221 | Med | 0.35 | 5.4 | 0.01 | Apr 19, 2018 | An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the… | ||
| CVE-2025-3563 | Med | 0.31 | 4.7 | 0.01 | Apr 14, 2025 | A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code… | ||
| CVE-2018-18939 | Med | 0.31 | 4.8 | 0.01 | Nov 5, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | ||
| CVE-2018-18938 | Med | 0.31 | 4.8 | 0.01 | Nov 5, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | ||
| CVE-2018-10391 | Med | 0.31 | 4.8 | 0.01 | Apr 26, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | ||
| CVE-2018-10368 | Med | 0.31 | 4.8 | 0.01 | Apr 25, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | ||
| CVE-2018-10367 | Med | 0.31 | 4.8 | 0.01 | Apr 25, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. |
- risk 0.40cvss 6.1epss 0.01
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
- risk 0.40cvss 6.1epss 0.01
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.
- risk 0.40cvss 6.1epss 0.01
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.
- risk 0.40cvss 6.1epss 0.01
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.
- risk 0.40cvss 6.1epss 0.01
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings…
- risk 0.38cvss 5.4epss 0.02
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
- risk 0.35cvss 5.4epss 0.00
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
- risk 0.35cvss 5.4epss 0.00
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
- risk 0.35cvss 5.4epss 0.00
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
- risk 0.35cvss 5.4epss 0.01
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
- risk 0.35cvss 5.4epss 0.01
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the…
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code…
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
Page 3 of 4