Feixuezhi

**Name of the Vulnerable Software and Affected Versions** wuzhicms version 4.1.0 **Description** A reflected Cross Site Scripting (XSS) issue allows remote attackers to execute arbitrary web script or HTML via the `imgurl` parameter. This enables attackers to potentially hijack user sessions, steal sensitive data, or perform other malicious actions. **Recommendations** For wuzhicms version 4.1.0, consider restricting access to the `imgurl` parameter to minimize the risk of exploitation until a patch is available. Avoid using the `imgurl` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A Cross Site Scripting (XSS) issue exists in the software, specifically via the `mailbox username` in the "index.php" endpoint. This allows for potential malicious script execution. Recommendations: For WUZHI CMS version 4.1.0, consider disabling the `mailbox username` field in the "index.php" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.