patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting

Releases0

WonderCMS version 3.4.3 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-41304 ↗	Jul 30, 2024Tuesday, 30 July 2024, 18:15	5.4 MEDIUM	—
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.