CVE-2017-14522

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1

Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a logged-in administrator to write and execute JavaScript anywhere on their website.

Recommendations: For WonderCMS version 2.3.1, as a temporary workaround, consider restricting access to input fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.