Exploits / Vulnerability Discovered : 2018-05-13 |
Type : webapps |
Platform : php
This exploit / vulnerability Wuzhi cms 4.1.0 tag[pinyin] crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
An issue was discovered in WUZHI CMS 4.1.0 (https://github.com/wuzhicms/wuzhicms/issues/131)
There is a xss vulnerability that can stealing administrator cookie, fishing attack, etc. via the tag[pinyin] parameter post to the /index.php?m=tags&f=index&v=add&&_su=wuzhicms&_menuid=?&_submenuid=?