{"id":"CVE-2018-1000062","details":"WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' =\u003e 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.","modified":"2026-05-30T10:21:30.464252Z","published":"2018-02-09T23:29:02.307Z","references":[{"type":"ADVISORY","url":"https://github.com/robiso/wondercms/issues/56"},{"type":"FIX","url":"https://github.com/robiso/wondercms/blob/ea640a02b4b8d88835d2e01600d24b23176fb665/index.php#L737"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wondercms/wondercms","events":[{"introduced":"0"},{"last_affected":"8aec5e9a3aa9eed568e0552abe0830e00bb63bf7"}],"database_specific":{"cpe":"cpe:2.3:a:wondercms:wondercms:2.4.0:*:*:*:*:*:*:*","source":"CPE_STRING","extracted_events":[{"introduced":"0"},{"last_affected":"2.4.0"}]}}],"versions":["2.4.0","2.3.2","2.3.1","2.3.0","2.2.1","2.2.0","2.1.0","2.0.6","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","1.2.0-beta","1.1.0-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000062.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}