CVE-2018-11549

Name of the Vulnerable Software and Affected Versions WUZHI CMS version 4.1.0

Description A Stored XSS issue was found in the "Account Settings -> Member Centre -> Chinese information -> Ordinary member" section, specifically via a QQ number. This can be exploited through a form submission, where the qq 10 variable is manipulated using a substring.

Recommendations For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the "Account Settings -> Member Centre -> Chinese information -> Ordinary member" section until a patch is available. Avoid using the qq 10 variable in the affected form submission until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.