CVE-2024-48239 Information

Description

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php the app parameters aren’t processed resulting in Cross Site Scripting (XSS).

Reference

https://github.com/taosir/wtcms/issues/16