Multiple Cross-Site Scripting Vulnerabilities in WonderCMS by WonderCMS
CVE-2024-32341

5.4MEDIUM

Key Information:

Vendor: WonderCMS
Status: WonderCMS
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-32341?

WonderCMS version 3.4.3 contains multiple cross-site scripting (XSS) vulnerabilities that allow attackers to inject and execute arbitrary web scripts or HTML. This is achieved by manipulating input parameters on the home page of the application with crafted payloads. Such vulnerabilities can compromise the integrity of user data and lead to unauthorized actions within the web application. Developers and users must take precautionary measures to patch affected versions and prioritize securing input validation mechanisms.

References

https://github.com/adiapera/xss_home_page_wondercms_3.4.3

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 12, 2024