CVE-2024-58305

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WonderCMS version 4.3.2

Description WonderCMS version 4.3.2 contains a cross-site scripting issue that allows attackers to inject malicious JavaScript through the module installation endpoint. An attacker can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link. The API endpoint involved is the module installation endpoint. The vulnerable parameter is the XSS payload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-58305

Affected Products

Wondercms

CVE-2024-58305

Weakness Enumeration

Related Identifiers

Affected Products

References · 8