Vulnerability Description
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/WonderCMS/wondercms
- https://www.exploit-db.com/exploits/51805
- https://www.vulncheck.com/advisories/wondercms-cross-site-scripting-remote-code-
- https://www.wondercms.com/
FAQ
What is CVE-2024-58305?
CVE-2024-58305 is a vulnerability with a CVSS score of 8.8 (HIGH). WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XS...
How severe is CVE-2024-58305?
CVE-2024-58305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-58305?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.