cve/2023/CVE-2023-41425.md

### [CVE-2023-41425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41425)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

### POC

#### Reference
- https://gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413

#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/prodigiousMind/CVE-2023-41425