In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-26T20:00:00

Updated: 2024-08-05T19:27:40.861Z

Reserved: 2017-09-17T00:00:00

Link: CVE-2017-14522

cve-icon Vulnrichment

Updated: 2024-08-05T19:27:40.861Z

cve-icon NVD

Status : Modified

Published: 2018-01-26T20:29:00.847

Modified: 2024-11-21T03:12:58.563

Link: CVE-2017-14522

cve-icon Redhat

No data.