CVE-2019-9108

Name of the Vulnerable Software and Affected Versions WUZHI CMS version 4.1.0

Description The issue exists due to a cross-site scripting (XSS) flaw. This flaw can be exploited via the index.php endpoint, specifically through the m, f, v, x, and y parameters. The vulnerable endpoint is /index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS], which ultimately affects the coreframe/app/core/map.php file.

Recommendations For WUZHI CMS version 4.1.0, consider restricting access to the index.php endpoint with the specified parameters until a patch is available. As a temporary workaround, avoid using the x and y parameters in the affected API endpoint.