Cross-Site Scripting Vulnerability in WonderCMS by WonderCMS
CVE-2024-32340

Currently unrated

Key Information:

Vendor: WonderCMS
Status: WonderCMS
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-32340?

A cross-site scripting (XSS) vulnerability has been identified in the Settings section of WonderCMS version 3.4.3. This flaw enables attackers to inject arbitrary web scripts or HTML through a specially crafted payload into the WEBSITE TITLE parameter located under the Menu module. Exploitation of this vulnerability can lead to the execution of malicious scripts in a user's browser, posing significant security risks to unsuspecting users.

References

https://github.com/adiapera/xss_menu_page_wondercms_3.4.3

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 12, 2024