CVE-2020-29469

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.1.3

Description The issue affects the Menu component, allowing an attacker to inject a cross-site scripting (XSS) payload in the Setting - Menu. This payload triggers every time a user visits the website directory, potentially enabling the attacker to steal cookies based on the crafted payload.

Recommendations For WonderCMS version 3.1.3, consider disabling the Menu component in the Setting - Menu as a temporary workaround until a patch is available. Restrict access to the Menu settings to minimize the risk of exploitation. Avoid using the vulnerable Menu component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.