Donky16

Name of the Vulnerable Software and Affected Versions: Wuzhi CMS version 4.1.0 Description: The issue allows remote attackers to execute arbitrary code via the `Title` parameter in the "/coreframe/app/guestbook/myissue.php" API endpoint. This is a Cross Site Scripting (XSS) issue. Recommendations: For Wuzhi CMS version 4.1.0, avoid using the `Title` parameter in the "/coreframe/app/guestbook/myissue.php" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/coreframe/app/guestbook/myissue.php" component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.