Software link: WonderCMS 3.4.3 [https://www.wondercms.com/download]
@author: Antonio Díaz.
Description: Cross-site scripting (XSS) vulnerability in CURRENT PAGE of the SETTINGS section of WonderCMS 3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'PAGE TITLE', 'PAGE KEYWORDS' and/or 'PAGE DESCRIPTION'.
CVE: CVE-2024-32338, CVE-2024-32744 y CVE-2024-32745.
- Enter to Current Page of the SETTINGS section in the webpage and in 'PAGE TITLE' set the payload:
- Click anywhere outside the parameter box to save:
- Enter to Current Page of the SETTINGS section in the webpage and in 'PAGE KEYWORDS' set the payload:
- Click anywhere outside the parameter box to save:
- Enter to Current Page of the SETTINGS section in the webpage and in 'PAGE DESCRIPTION' set the payload:
- Click anywhere outside the parameter box to save: