VYPR

Vendor CVEs

WuzhiCMS

All CVEs

66 total · sorted by risk
  • CVE-2020-19770MedDec 21, 2021
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.

  • CVE-2020-19553MedSep 21, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.

  • CVE-2018-17426MedMar 7, 2019
    risk 0.35cvss 5.4epss 0.01

    WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.

  • CVE-2018-17425MedMar 7, 2019
    risk 0.35cvss 5.4epss 0.01

    WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.

  • CVE-2018-11549MedMay 29, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.

  • CVE-2018-10221MedApr 19, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the…

  • CVE-2025-3563MedApr 14, 2025
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code…

  • CVE-2018-18939MedNov 5, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.

  • CVE-2018-18938MedNov 5, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.

  • CVE-2018-10391MedApr 26, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.

  • CVE-2018-10368MedApr 25, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.

  • CVE-2018-10367MedApr 25, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.

  • CVE-2024-32206MedApr 19, 2024
    risk 0.30cvss 4.6epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.

  • CVE-2025-0480MedJan 15, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate…

  • CVE-2020-21590MedApr 2, 2021
    risk 0.28cvss 4.3epss 0.01

    Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.

  • CVE-2022-36168LowAug 26, 2022
    risk 0.18cvss 2.7epss 0.01

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:

Page 2 of 2