Skip to main content

Wuzhicms CVE-2018-10367

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-04-25 cve@mitre.org
4.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 25, 2018 - 09:29 nvd
MEDIUM 4.8

DescriptionNVD

An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.

AnalysisAI

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. Affected products include: Wuzhicms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-52064 CRITICAL POC
9.8 Jan 10

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyf

CVE-2023-46482 CRITICAL POC
9.8 Nov 01

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Back

CVE-2022-27431 CRITICAL POC
9.8 May 04

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/memb

CVE-2021-40674 CRITICAL POC
9.8 Sep 20

An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.

CVE-2021-40670 CRITICAL POC
9.8 Sep 16

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/c

CVE-2021-40669 CRITICAL POC
9.8 Sep 16

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/i

CVE-2018-20572 CRITICAL POC
9.8 Dec 28

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=searc

CVE-2018-11722 CRITICAL POC
9.8 Jun 05

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. Rated critic

CVE-2018-11528 CRITICAL POC
9.8 May 29

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2018-18712 HIGH POC
8.8 Oct 29

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2018-18711 HIGH POC
8.8 Oct 29

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2018-11493 HIGH POC
8.8 May 26

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

Share

CVE-2018-10367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy