A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the username parameter of /index.php?m=message&f=message&v=add
Vulnerability file: coreframe/app/message/message.php
public function add() {
$seo_title = '发私信';
$memberinfo = $this->memberinfo;