Prodigiousmind

**Name of the Vulnerable Software and Affected Versions** WonderCMS version 4.3.2 **Description** WonderCMS version 4.3.2 contains a cross-site scripting issue that allows attackers to inject malicious JavaScript through the module installation endpoint. An attacker can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link. The API endpoint involved is the module installation endpoint. The vulnerable parameter is the XSS payload. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wonder CMS versions 3.2.0 through 3.4.2 **Description** The issue is related to a Cross Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted script uploaded to the `installModule` component. This vulnerability can lead to code execution and potentially other security issues. The estimated number of potentially affected devices is not specified. There have been real-world incidents where this issue was exploited, including a scenario where an attacker used it to gain access to a system and exfiltrate database credentials. **Recommendations** For Wonder CMS versions 3.2.0 through 3.4.2, consider disabling the `installModule` component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. Avoid using the `installModule` component for uploading scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.