CVE-2024-32744

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.4.3

Description A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.

Recommendations For WonderCMS version 3.4.3, consider disabling the Settings section or restricting access to the CURRENT PAGE module until a patch is available. Avoid using the PAGE KEYWORDS parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.