CVE-2020-29247

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.1.3

Description The issue affects the Admin Panel of WonderCMS, where an attacker can inject a cross-site scripting (XSS) payload in Page keywords. Each time a user visits the website, the XSS triggers, allowing the attacker to steal cookies based on the crafted payload.

Recommendations For WonderCMS version 3.1.3, as a temporary workaround, consider restricting access to the Admin Panel to minimize the risk of exploitation. Avoid using the page keywords feature in the Admin Panel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.