CVE-2024-32338

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.4.3

Description A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. This issue enables attackers to inject malicious code, potentially leading to unauthorized actions on the affected system.

Recommendations For WonderCMS version 3.4.3, consider disabling the Current Page module or restricting access to the Settings section until a patch is available. Avoid using the PAGE TITLE parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.