Wondercms · Wondercms · CVE-2018-1000062
Name of the Vulnerable Software and Affected Versions:
WonderCMS version 2.4.0
Description:
The issue allows an attacker to execute arbitrary script in the browser of any user who views the uploaded file, through a Stored Cross-Site Scripting vulnerability in the file upload functionality. The `uploadFileAction()` function accepts SVG uploads because its allowed-type map contains the entry `'svg' => 'image/svg+xml'`; since SVG is an XML document format that can embed script and event-handler attributes, a crafted SVG file uploaded through this function is later rendered by the browser as active content. The attack can be performed by uploading a crafted SVG file.
Recommendations:
For WonderCMS version 2.4.0, consider disabling the `uploadFileAction()` function or restricting the upload of SVG files until a patch is available. As a temporary workaround, remove the `'svg' => 'image/svg+xml'` entry from the allowed-type map in the file upload functionality to minimize the risk of exploitation.
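The following is an added illustration, not WonderCMS code: it models the recommended allowlist with the `'svg' => 'image/svg+xml'` entry removed, and shows the content inspection an operator would have to add before ever opting SVG back in. The allowlist, the function names and the sample SVG documents are all constructed for this example; the check is language-independent and written in Python here so it can be run stand-alone.

```python
import re
import xml.etree.ElementTree as ET

# Element names (namespace stripped, lower-cased) that let an SVG run script or
# pull in foreign content when a browser renders it inline.
DANGEROUS_TAGS = {"script", "foreignobject", "iframe", "embed", "object",
                  "set", "animate", "animatetransform", "handler"}
# Attributes that take a URL; xlink:href reduces to "href" after namespace stripping.
URL_ATTRS = {"href", "src"}
BAD_SCHEMES = {"javascript", "data", "vbscript"}
# Hardened allowlist (hypothetical): the vulnerable 2.4.0 map also carried
# 'svg' => 'image/svg+xml'; it is deliberately absent here.
SAFE_TYPES = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg", "gif": "image/gif"}


def _local(qname: str) -> str:
    """Strip ElementTree's '{namespace}' prefix and normalise case."""
    return qname.rsplit("}", 1)[-1].lower()


def is_safe_svg(data: bytes) -> bool:
    """True only if data parses as SVG and carries no scriptable construct."""
    # DOCTYPE/ENTITY declarations are refused outright (entity-expansion tricks);
    # editor exports that carry one would need it stripped before this check.
    if re.search(rb"<!(doctype|entity)", data, re.IGNORECASE):
        return False
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return False
    if _local(root.tag) != "svg":
        return False
    for elem in root.iter():
        if _local(elem.tag) in DANGEROUS_TAGS:
            return False
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.startswith("on"):  # onload=, onclick=, ... event handlers
                return False
            # Browsers ignore embedded whitespace in a scheme, so drop it before comparing.
            scheme = re.sub(r"\s", "", value).lower().split(":", 1)[0]
            if name in URL_ATTRS and scheme in BAD_SCHEMES:
                return False
    return True


def accept_upload(filename: str, data: bytes, allow_svg: bool = False) -> tuple:
    """Hypothetical upload gate: SVG is opt-in and only after content inspection."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in SAFE_TYPES:
        return True, SAFE_TYPES[ext]
    if ext == "svg" and allow_svg and is_safe_svg(data):
        return True, "image/svg+xml"
    return False, None


# Constructed samples: a plain icon, one with a script element, one with a javascript: link.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>x()</script></svg>'
LINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="javascript:x()"><text>hi</text></a></svg>')
```

Even an SVG that passes this check should be served with `Content-Disposition: attachment` or from a separate origin, so that user-supplied content is never rendered inline on the application's origin.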