PT-2019-9477 · Wuzhi · Wuzhi Cms

Published: 2019-03-07 · Updated: 2019-03-08 · CVE-2018-17426

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WUZHI CMS version 4.1.0

Description

The issue is a stored XSS that can be triggered via the Extension module, specifically through the SMS in station field. This field is the vulnerable parameter and is accessible under the index.php?m=core URI, which is an API endpoint.

Recommendations

For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the Extension module and the SMS in station field until a patch is available. Avoid using the SMS in station field in the index.php?m=core URI endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-17426

Affected Products

Wuzhi Cms