A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the username parameter of /index.php?m=message&f=message&v=add
Vulnerability file: coreframe/app/message/message.php
public function add() {
$seo_title = '发私信';
$memberinfo = $this->memberinfo;
A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the x or y parameter of /index.php?m=core&f=map&v=baidumap
Vulnerability file: coreframe/app/core/map.php
public function baidumap() {
$map_x = isset($GLOBALS['x']) && !empty($GLOBALS['x']) ? $GLOBALS['x'] : 116;
$map_y = isset($GLOBALS['y']) && !empty($GLOBALS['y']) ? $GLOBALS['y'] : 39;
A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the set_iframe parameter of /index.php?m=content&f=postinfo&v=listing
Vulnerability file: coreframe/app/content/postinfo.php
function __construct() {
$this->member = load_class('member', 'member');
load_function('common', 'member');
A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of /index.php?m=attachment&f=imagecut&v=init
Vulnerability file: coreframe/app/attachment/imagecut.php
function init() {
if(isset($GLOBALS['imgBase64'])) {
......