Vulnerabilities > CVE-2024-32206 - Unspecified vulnerability in Wuzhicms 4.1.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

wuzhicms

NVD

Published: 2024-04-19

Updated: 2025-05-05

Summary

A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.

Vulnerable Configurations

Part	Description	Count
Application	Wuzhicms Wuzhicms Wuzhicms 4.1.0	1

References

http://wuzhicms.com
http://wuzhicms.com
https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0%20Stored%20Xss%20In%20Affiche%20Model.md
https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0%20Stored%20Xss%20In%20Affiche%20Model.md
https://github.com/wuzhicms/wuzhicms
https://github.com/wuzhicms/wuzhicms