Arbitrary JavaScript Execution Vulnerability in WonderCMS 2.3.1

Arbitrary JavaScript Execution Vulnerability in WonderCMS 2.3.1

CVE-2017-14522 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website

Learn more about our Web App Pen Testing.