Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms 4.1.0 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-10391
An issue exists in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
Wuzhicms Wuzhi Cms 4.1.0
6.1
CVSSv3
CVE-2019-9107
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
Wuzhicms Wuzhi Cms 4.1.0
6.1
CVSSv3
CVE-2019-9109
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
Wuzhicms Wuzhi Cms 4.1.0
1 Article
8.8
CVSSv3
CVE-2018-18712
An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
Wuzhicms Wuzhi Cms 4.1.0
4.8
CVSSv3
CVE-2018-18938
An issue exists in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
Wuzhicms Wuzhi Cms 4.1.0
5.4
CVSSv3
CVE-2020-19770
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows malicious users to steal the admin's cookie.
Wuzhicms Wuzhi Cms 4.1.0
6.1
CVSSv3
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote malicious users to execute arbitrary web script or HTML via the imgurl parameter.
Wuzhicms Wuzhi Cms 4.1.0
8.8
CVSSv3
CVE-2020-19551
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
Wuzhicms Wuzhicms
5.4
CVSSv3
CVE-2020-19553
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
Wuzhicms Wuzhicms
NA
CVE-2024-31008
An issue exists in WUZHICMS version 4.1.0, allows an malicious user to execute arbitrary code and obtain sensitive information via the index.php file.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5