Lucene search

[email protected]CVE-2020-29247

HistoryDec 24, 2020 - 8:15 p.m.

CVE-2020-29247

2020-12-2420:15:12

CWE-79

[email protected]

web.nvd.nist.gov

wondercms

3.1.3

xss

vulnerability

admin panel

cross-site scripting

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

62.2%

JSON

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.

Affected configurations

NVD

Node

wondercmswondercmsMatch3.1.3

CPENameOperatorVersion
wondercms:wondercmswondercmseq3.1.3

CPE	Name	Operator	Version
wondercms:wondercms	wondercms	eq	3.1.3

References

wondercms.com

systemweakness.com/cve-2020-29247-wondercms-3-1-3-page-persistent-cross-site-scripting-3dd2bb210beb

www.exploit-db.com/exploits/49102

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for CVE-2020-29247

prion1 nvd1 osv1 cvelist1