CVE-2018-1000062

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.
Configurations

Configuration 1

cpe:2.3:a:wondercms:wondercms:2.4.0:*:*:*:*:*:*:*

Information

Published : 2018-02-09 11:29

Updated : 2018-03-05 04:18


NVD link : CVE-2018-1000062

Mitre link : CVE-2018-1000062

Products Affected
No products.
CWE