require/bbscode.php file in PHPWind imposes less strict filtering policies on user input parameters.
As a result, hackers can send malicious requests to build storage XSS vulnerabilities in the post text, stealing user data and further breaking into the website.
PHPWind 8.7 and later
Use Alibaba Cloud Security Web Application Firewall to intercept the attacking code for this vulnerability.
Use Alibaba Cloud Security Server Guard Professional Edition to fix this vulnerability. Server Guard can modify the vulnerable code to eliminate this vulnerability.
Upgrade PHPWind to the latest version from the official website.