CVE-2024-41304

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.

patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting
patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting
WonderCMS version 3.4.3 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files.
GitHubGitHub