WonderCMS Cross-Site Scripting Vulnerability

WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

Cross site scripting

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

CVE-2021-42233

CVE-2021-42233 describes a stored XSS vulnerability in the WonderCMS Simple Blog plugin (version 3.4.1). The issue occurs when a user views a specific blog post hosted on an attacker’s site, allowing the attacker to inject script via vulnerable blog content. The public documentation consistently ...

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

m1k1o's Blog 1.3 Remote Code Execution

Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...

Wondercms plugin Simple Blog 跨站脚本漏洞

WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...

Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I... This is...

GHSA-46VM-RWRF-JRXM CSRF in baserCMS 3.0.10 and earlier

Cross-site request forgery CSRF vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CSRF in baserCMS 3.0.10 and earlier

Cross-site request forgery CSRF vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

baserCMS Cross-site Scripting vulnerability

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

GHSA-MXFV-C8P8-QW5H baserCMS Cross-site Scripting vulnerability

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

Trend Micro's One Vision, One Platform

Why Trend Micro is evolving its approach to enterprise protection...

EC-CUBE Easy Blog for EC-CUBE4 Cross-Site Request Forgery Vulnerability

EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys...

Stored XSS in LavaLite 5.2.4

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code...

GHSA-H7VH-6GMM-G7H9 Stored XSS in LavaLite 5.2.4

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code...

GHSA-M2R2-QC49-GQW4 Gleez CMS Stored XSS

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

Gleez CMS Stored XSS

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...