VYPR

Wuzhicms

by WuzhiCMS

Source repositories

CVEs (64)

  • CVE-2019-9107MedFeb 25, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.

  • CVE-2018-16350MedSep 2, 2018
    risk 0.40cvss 6.1epss 0.01

    WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.

  • CVE-2018-16349MedSep 2, 2018
    risk 0.40cvss 6.1epss 0.01

    WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.

  • CVE-2018-14513MedJul 23, 2018
    risk 0.40cvss 6.1epss 0.01

    An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.

  • CVE-2018-14512MedJul 23, 2018
    risk 0.40cvss 6.1epss 0.01

    An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings…

  • CVE-2018-10313MedApr 24, 2018
    risk 0.38cvss 5.4epss 0.02

    WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

  • CVE-2025-25916MedFeb 28, 2025
    risk 0.35cvss 5.4epss 0.00

    wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.

  • CVE-2023-30123MedApr 28, 2023
    risk 0.35cvss 5.4epss 0.00

    wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.

  • CVE-2020-19770MedDec 21, 2021
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.

  • CVE-2020-19553MedSep 21, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

  • CVE-2018-17426MedMar 7, 2019
    risk 0.35cvss 5.4epss 0.01

    WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.

  • CVE-2018-17425MedMar 7, 2019
    risk 0.35cvss 5.4epss 0.01

    WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.

  • CVE-2018-11549MedMay 29, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.

  • CVE-2018-10221MedApr 19, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the…

  • CVE-2025-3563MedApr 14, 2025
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code…

  • CVE-2018-18939MedNov 5, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.

  • CVE-2018-18938MedNov 5, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.

  • CVE-2018-10391MedApr 26, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.

  • CVE-2018-10368MedApr 25, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.

  • CVE-2018-10367MedApr 25, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.