Vendor CVEs
WuzhiCMS
All CVEs
66 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-19770 | Med | 0.35 | 5.4 | 0.00 | Dec 21, 2021 | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | ||
| CVE-2020-19553 | Med | 0.35 | 5.4 | 0.01 | Sep 21, 2021 | Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | ||
| CVE-2018-17426 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | ||
| CVE-2018-17425 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | ||
| CVE-2018-11549 | Med | 0.35 | 5.4 | 0.01 | May 29, 2018 | An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | ||
| CVE-2018-10221 | Med | 0.35 | 5.4 | 0.01 | Apr 19, 2018 | An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the… | ||
| CVE-2025-3563 | Med | 0.31 | 4.7 | 0.01 | Apr 14, 2025 | A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code… | ||
| CVE-2018-18939 | Med | 0.31 | 4.8 | 0.01 | Nov 5, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | ||
| CVE-2018-18938 | Med | 0.31 | 4.8 | 0.01 | Nov 5, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | ||
| CVE-2018-10391 | Med | 0.31 | 4.8 | 0.01 | Apr 26, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | ||
| CVE-2018-10368 | Med | 0.31 | 4.8 | 0.01 | Apr 25, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | ||
| CVE-2018-10367 | Med | 0.31 | 4.8 | 0.01 | Apr 25, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. | ||
| CVE-2024-32206 | Med | 0.30 | 4.6 | 0.01 | Apr 19, 2024 | A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter. | ||
| CVE-2025-0480 | Med | 0.28 | 4.3 | 0.00 | Jan 15, 2025 | A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate… | ||
| CVE-2020-21590 | Med | 0.28 | 4.3 | 0.01 | Apr 2, 2021 | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | ||
| CVE-2022-36168 | Low | 0.18 | 2.7 | 0.01 | Aug 26, 2022 | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: |
- risk 0.35cvss 5.4epss 0.00
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
- risk 0.35cvss 5.4epss 0.01
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
- risk 0.35cvss 5.4epss 0.01
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the…
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code…
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
- risk 0.30cvss 4.6epss 0.01
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate…
- risk 0.28cvss 4.3epss 0.01
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
- risk 0.18cvss 2.7epss 0.01
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
Page 2 of 2