Page 1 of 1
[SVG ONLY FEATURE/BUG] Stored Cross-Site Scripting Vulnerability
Posted: Thu Feb 08, 2018 9:20 am
I have found stored cross-site scripting on WonderCMS 2.4.0 application.
Vulnerability exists on File Upload functionality.
Re: [SVG ONLY FEATURE/BUG] Stored Cross-Site Scripting Vulnerability
Posted: Fri Feb 09, 2018 6:33 pm
Please check the following link for this discussion. https://github.com/robiso/wondercms/issues/57
1. Disable SVG's.