CVE-2018-10313
- EPSS 0.53%
- Published 24.04.2018 02:29:00
- Last modified 05.05.2025 18:10:51
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
CVE-2018-10312
- EPSS 0.33%
- Published 24.04.2018 02:29:00
- Last modified 05.05.2025 18:10:51
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
CVE-2018-10311
- EPSS 0.44%
- Published 24.04.2018 02:29:00
- Last modified 05.05.2025 18:10:51
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
CVE-2018-10248
- EPSS 0.12%
- Published 20.04.2018 17:29:00
- Last modified 05.05.2025 18:10:51
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
CVE-2018-10221
- EPSS 0.21%
- Published 19.04.2018 08:29:00
- Last modified 21.11.2024 03:41:02
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege ...
CVE-2018-9926
- EPSS 0.33%
- Published 10.04.2018 06:29:00
- Last modified 21.11.2024 04:15:51
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
CVE-2018-9927
- EPSS 0.14%
- Published 10.04.2018 06:29:00
- Last modified 21.11.2024 04:15:51
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.