PT-2019-19364 · Wuzhi · Wuzhi Cms

Redey3 · Published 2019-02-25 · Updated 2019-02-25 · CVE-2019-9110

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0

Description: A cross-site scripting (XSS) issue exists in the "index.php?m=content&f=postinfo&v=listing&set iframe=" API endpoint, which is connected to the coreframe/app/content/postinfo.php file.

Recommendations: For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the "index.php?m=content&f=postinfo&v=listing&set iframe=" endpoint until a patch is available. Avoid using the set iframe parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-9110

Affected Products

Wuzhi Cms