Search found 2 matches

by j2h2
Mon Jan 12, 2015 9:03 pm
Forum: 0.6.X beta support
Topic: Security Vulnerabilities
Replies: 10
Views: 30040

Re: Security Vulnerabilities

The inputs will need to be properly sanitized to remove possibly malicious data being given to the application. Lines 12 and 13 of index.php need to be filtered and limited to just text to stop the XSS attack. (More information on XSS attacks is available here: https://www.owasp.org/index.php/Cross-...

by j2h2
Tue Jan 06, 2015 10:06 pm
Forum: 0.6.X beta support
Topic: Security Vulnerabilities
Replies: 10
Views: 30040

Security Vulnerabilities

To continue upon what igorkov found and mentioned in this post, http://wondercms.com/forum/viewtopic.php?f=20&t=620 , I've found another security vulnerability in WonderCMS. The 404 page/page created page is vulnerable to XSS injection. Proof of Concept: http://wondercms.com/%3Cscript%3Ealert%28...