CVE-2024-32743

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.4.3

Description A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.

Recommendations For WonderCMS version 3.4.3, consider disabling the Security module or restricting access to the Settings section until a patch is available. Avoid using the SITE LANGUAGE CONFIG parameter in the affected Settings section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.