CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-6305

Malware in sbrugna...

8.8CVSS8.8AI score0.00244EPSS

Exploits1References3

RedhatCVE•added 2025/05/23 10:17 a.m.•11 views

CVE-2024-32746

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...

4.6CVSS5.7AI score0.00086EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:39 a.m.•4 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

6.5CVSS7.3AI score0.00119EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 5:2 p.m.•5 views

CVE-2020-29233

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the...

5.4CVSS5.2AI score0.00415EPSS

Exploits2

RedhatCVE•added 2025/05/22 1:55 a.m.•3 views

CVE-2011-5317

Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...

4.3CVSS5.9AI score0.00225EPSS

Exploits0References1

OSV•added 2025/04/02 11:15 p.m.•3 views

CVE-2025-3123

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The...

7.2CVSS7AI score

Exploits0References6

CNVD•added 2024/04/22 12:0 a.m.•6 views

WonderCMS HOW TO page cross-site scripting vulnerability

WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data on the HOW TO page, and can be exploited by an attacker to steal the victim's...

6.1CVSS6.3AI score0.0019EPSS

Exploits1References1

CNVD•added 2024/04/22 12:0 a.m.•4 views

WonderCMS PAGE DESCRIPTION parameter cross-site scripting vulnerability

WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the PAGE DESCRIPTION parameter of the Settings section, and can be exploited...

5.9CVSS6.3AI score0.00065EPSS

Exploits1References1

OSV•added 2024/04/17 9:15 p.m.•2 views

CVE-2024-32745

5.9CVSS5.7AI score

Exploits0References1

OSV•added 2024/04/17 9:15 p.m.•7 views

CVE-2024-32338

5.4CVSS5.7AI score

Exploits0References1

OSV•added 2024/04/17 9:15 p.m.•3 views

CVE-2024-32743

5.5CVSS5.7AI score

Exploits0References1

OSV•added 2024/04/17 9:15 p.m.•5 views

CVE-2024-32746

4.6CVSS5.7AI score

Exploits0References1

Positive Technologies•added 2024/04/17 12:0 a.m.•2 views

PT-2024-24823 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRE...

5.9CVSS5.5AI score0.00065EPSS

Exploits1References8

OSV•added 2024/03/05 5:15 p.m.•5 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

8.1CVSS7.2AI score

Exploits0References1

CNNVD•added 2023/11/07 12:0 a.m.•2 views

WonderCMS Security Breach

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS versions v.3.2.0 through v.3.4.2. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted scripts uploaded to the installModule component...

6.1CVSS7.7AI score0.91079EPSS

Exploits16References3

Vulnrichment•added 2022/11/17 12:0 a.m.•7 views

CVE-2022-43332

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

5.9AI score0.00499EPSS

Exploits0References1