Vulnerability Details CVE-2017-14522
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References