2018-01-26 20:00:00
mitre
PUBLISHED
In WonderCMS 2.3.1, the applications input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website