PT-2022-26855 · Wondercms · Wondercms

Maikroservice

Published

2022-11-11

Updated

2025-04-29

CVE-2022-43332

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Wondercms version 3.3.4

Description A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.

Recommendations For Wondercms version 3.3.4, consider removing or restricting the ability to inject HTML into the Site title field until a patch is available. As a temporary workaround, restrict access to the Configuration Panel to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-43332

Affected Products

Wondercms

PT-2022-26855 · Wondercms · Wondercms

CVE-2022-43332

Weakness Enumeration

Related Identifiers

Affected Products

References · 7