Vulnerabilities > Wuzhicms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-23 | CVE-2023-31860 | Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 3.1.2 Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | 5.4 |
| 2023-04-28 | CVE-2023-30123 | Cross-site Scripting vulnerability in Wuzhicms 4.1.0 wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 5.4 |
| 2022-06-28 | CVE-2020-19897 | Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | 4.3 |
| 2021-10-12 | CVE-2020-28145 | Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1 Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | 5.0 |
| 2021-09-28 | CVE-2020-20124 | Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | 6.5 |
| 2021-09-27 | CVE-2020-24930 | Unspecified vulnerability in Wuzhicms 4.1.0 Beijing Wuzhi Internet Technology Co., Ltd. | 5.5 |
| 2021-09-21 | CVE-2020-19551 | Incorrect Authorization vulnerability in Wuzhicms Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | 6.5 |
| 2021-09-20 | CVE-2020-19915 | Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 4.3 |
| 2021-08-20 | CVE-2020-18877 | SQL Injection vulnerability in Wuzhicms 4.1.0 SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. | 5.0 |
| 2021-06-22 | CVE-2020-18654 | Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | 4.3 |