Stored Cross-Site Scripting Vulnerability in WonderCMS
CVE-2018-1000062

4.4MEDIUM

Key Information:

Vendor

Wondercms

Status
Wondercms
Vendor
CVE Published:
9 February 2018

What is CVE-2018-1000062?

WonderCMS version 2.4.0 is susceptible to a stored cross-site scripting (XSS) vulnerability due to improper handling of SVG file uploads in the uploadFileAction() method. This flaw allows an attacker to craft malicious SVG files, which can then execute arbitrary scripts in the context of the user's browser when they interact with the compromised upload functionality. Such vulnerabilities pose significant risks, enabling data theft, session hijacking, or delivering malware to unsuspecting users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/robiso/wondercms/issues/56
x_refsource_CONFIRM
https://github.com/robiso/wondercms/blob/ea640a02b4b8d888...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.