CVE-2019-9107

Name of the Vulnerable Software and Affected Versions WUZHI CMS version 4.1.0

Description A security issue exists where an XSS attack can be performed. The issue is related to the "index.php?m=attachment&f=imagecut&v=init&imgurl=" endpoint, which is connected to the coreframe/app/attachment/imagecut.php file.

Recommendations For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the "imagecut" function in the attachment module until a patch is available. Avoid using the "imgurl" parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.