CVE-2018-10313

MEDIUM

WUZHI CMS 4.1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10313. PoCs published by jiguang.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in WUZHI CMS 4.1.0 via the `form[qq_10]` parameter. The PoC shows how an attacker can inject malicious JavaScript to steal administrator cookies or perform phishing attacks.

Description

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

Exploits (1)

exploitdb WORKING POC

by jiguang · textwebappsphp

https://www.exploit-db.com/exploits/44617

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in WUZHI CMS 4.1.0 via the `form[qq_10]` parameter. The PoC shows how an attacker can inject malicious JavaScript to steal administrator cookies or perform phishing attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WUZHI CMS 4.1.0

Auth required

Prerequisites: Access to a user account with profile edit permissions · Victim interaction to trigger the XSS payload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44617/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/wuzhicms/wuzhicms/issues/133

Scores

CVSS v3 5.4

EPSS 0.0224

EPSS Percentile 80.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wuzhicms/wuzhicms 4.1.0

Published Apr 24, 2018

Tracked Since Feb 18, 2026