CVE-2020-19915

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0

Description: A Cross Site Scripting (XSS) issue exists in the software, specifically via the mailbox username in the "index.php" endpoint. This allows for potential malicious script execution.

Recommendations: For WUZHI CMS version 4.1.0, consider disabling the mailbox username field in the "index.php" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.