CVE-2018-10313

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0

Description: The issue allows for persistent XSS via the form%5Bqq 10%5D parameter to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI. This enables potential attackers to inject malicious scripts into the application.

Recommendations: For WUZHI CMS version 4.1.0, avoid using the form%5Bqq 10%5D parameter in the affected API endpoint until the issue is resolved. Restrict access to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.