5 matches found
Input validation
DISPUTED In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their...
CVE-2017-14521
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload...
Design/Logic Flaw
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload...
CVE-2017-14521
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload...
CVE-2017-14522
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...