CVE-2019-9109

Name of the Vulnerable Software and Affected Versions WUZHI CMS version 4.1.0

Description A security issue exists where an XSS attack can be performed. The issue is related to the "index.php?m=message&f=message&v=add" endpoint, specifically with the username variable.

Recommendations For WUZHI CMS version 4.1.0, as a temporary workaround, consider validating and sanitizing user input for the username variable in the "index.php?m=message&f=message&v=add" endpoint to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.