VYPR
Medium severity4.4OSV Advisory· Published Feb 9, 2018· Updated Jun 17, 2026

CVE-2018-1000062

CVE-2018-1000062

Description

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Robiso/WondercmsOSV2 versions
    1.1.0-beta, 1.2.0-beta, 2.0.0, …+ 1 more
    • (no CPE)range: 1.1.0-beta, 1.2.0-beta, 2.0.0, …
    • (no CPE)range: = 2.4.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2018-1000062 · Medium · VYPR