Stored Cross-Site Scripting on File Upload through SVG in WonderCMS version 2.4.0

Stored Cross-Site Scripting on File Upload through SVG in WonderCMS version 2.4.0

CVE-2018-1000062 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.

Learn more about our Cms Pen Testing.