A7cc/gist:e28b5790d8b40df8d418d1bd15c25d12 Secret

## gistfile1.txt
[CVE-ID]
CVE-2025-25916

[PRODUCT]
wuzhicms v4.1.0

[TYPE]
XSS

[DESCRIPTION]
WUZHI CMS 4.1.0 system \coreframe\app\member\admin\group.php path del function has XSS vulnerability!

[DETAILS]
The vulnerability is due to the XSS vulnerability caused by the del function under the \coreframe\app\member\admin\group.php file, which did not do security filtering when passing callback parameters.

[Mitigation & Fix Recommendations]
1. Validity verification and escape processing of input data, such as HTML entity coding, JavaScript coding, etc. This approach protects the security of your application by avoiding the direct insertion of malicious code into the HTML document.
2. Limit the input of special characters, such as <, >, /, ', and ", to prevent XSS attacks.

[MORE]
https://github.com/wuzhicms/wuzhicms/issues/213
	[CVE-ID]
	CVE-2025-25916

	[PRODUCT]
	wuzhicms v4.1.0

	[TYPE]
	XSS

	[DESCRIPTION]
	WUZHI CMS 4.1.0 system \coreframe\app\member\admin\group.php path del function has XSS vulnerability!

	[DETAILS]
	The vulnerability is due to the XSS vulnerability caused by the del function under the \coreframe\app\member\admin\group.php file, which did not do security filtering when passing callback parameters.

	[Mitigation & Fix Recommendations]
	1. Validity verification and escape processing of input data, such as HTML entity coding, JavaScript coding, etc. This approach protects the security of your application by avoiding the direct insertion of malicious code into the HTML document.
	2. Limit the input of special characters, such as <, >, /, ', and ", to prevent XSS attacks.

	[MORE]
	https://github.com/wuzhicms/wuzhicms/issues/213