Medium severity4.4OSV Advisory· Published Feb 9, 2018· Updated Jun 17, 2026
CVE-2018-1000062
CVE-2018-1000062
Description
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/robiso/wondercms/blob/ea640a02b4b8d88835d2e01600d24b23176fb665/index.phpnvdPatchThird Party Advisory
- github.com/robiso/wondercms/issues/56nvdThird Party Advisory
News mentions
0No linked articles in our index yet.