CVE-2023-41425

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 7, 2023

Updated: Nov 14, 2023

CWE ID 79

Summary

CVE-2023-41425 is a Cross-Site Scripting (XSS) vulnerability affecting Wonder CMS versions 3.2.0 to 3.4.2. An attacker can exploit this flaw by uploading a malicious script to the installModule component, enabling them to execute arbitrary code on unsuspecting users' browsers. Successful exploitation may lead to session hijacking, data theft, or other malicious activities. It is crucial for users running these affected versions to patch their systems immediately to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sgIOuP
https://www.cve.org/CVERecord?id=CVE-2023-41425
https://nvd.nist.gov/vuln/detail/CVE-2023-41425

Back to Vulnerability Database

CVE-2023-41425

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations