Stored XSS Vulnerability in WUZHI CMS 4.1.0 via Account Settings

CVE-2018-11549 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.

Learn more about our Cms Pen Testing.