Lucene search
+L

306 matches found

CNVD
CNVD
added 2022/05/24 12:0 a.m.21 views

WonderCMS Cross-Site Scripting Vulnerability

WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...

3.5CVSS1AI score0.00852EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/05/23 7:16 p.m.5 views

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

5.4CVSS6AI score0.00852EPSS
Exploits1References3
NVD
NVD
added 2022/05/23 7:16 p.m.19 views

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

5.4CVSS0.00852EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/23 7:16 p.m.4 views

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

5.4CVSS5.6AI score0.00852EPSS
Exploits1References4
Prion
Prion
added 2022/05/23 7:16 p.m.11 views

Cross site scripting

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

3.5CVSS5.1AI score0.00852EPSS
Exploits1References3
CVE
CVE
added 2022/05/23 6:4 p.m.71 views

CVE-2021-42233

CVE-2021-42233 describes a stored XSS vulnerability in the WonderCMS Simple Blog plugin (version 3.4.1). The issue occurs when a user views a specific blog post hosted on an attacker’s site, allowing the attacker to inject script via vulnerable blog content. The public documentation consistently ...

5.4CVSS5.1AI score0.00852EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/05/23 6:4 p.m.21 views

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

5.3AI score0.00852EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/23 12:0 a.m.6 views

Wondercms plugin Simple Blog 跨站脚本漏洞

WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...

5.4CVSS5.2AI score0.00852EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/09/02 12:0 a.m.22 views

WonderCMS Detection (HTTP)

HTTP based detection of WonderCMS. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.146618";...

7.4AI score
Exploits0References1
NVD
NVD
added 2021/04/20 8:15 p.m.20 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

9.8CVSS0.26912EPSS
Exploits2References4
OSV
OSV
added 2021/04/20 8:15 p.m.16 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

9.8CVSS8.2AI score
Exploits0References4
NVD
NVD
added 2021/04/20 8:15 p.m.15 views

CVE-2020-35313

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

9.8CVSS0.45221EPSS
Exploits2References3
OSV
OSV
added 2021/04/20 8:15 p.m.11 views

CVE-2020-35313

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

9.8CVSS7.9AI score
Exploits0References3
Prion
Prion
added 2021/04/20 8:15 p.m.20 views

Server side request forgery (ssrf)

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

7.5CVSS9.6AI score0.45221EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2021/04/20 8:15 p.m.19 views

Remote code execution

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

7.5CVSS9.8AI score0.26912EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2021/04/20 7:25 p.m.30 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

9.9AI score0.26912EPSS
Exploits2References4
CVE
CVE
added 2021/04/20 7:25 p.m.85 views

CVE-2020-35314

WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...

9.8CVSS9.8AI score0.26912EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2021/04/20 7:5 p.m.24 views

CVE-2020-35313

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

9.7AI score0.45221EPSS
Exploits2References3
CVE
CVE
added 2021/04/20 7:5 p.m.84 views

CVE-2020-35313

WonderCMS 3.1.3 is affected by a server-side request forgery (SSRF) in the addCustomThemePluginRepository function of index.php, enabling remote code execution via a crafted URL to the theme/plugin installer. Exploitation requires an authenticated session; a confirmed path in the public docs show...

9.8CVSS9.6AI score0.45221EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.5 views

WonderCMS 代码问题漏洞

WonderCMS is an open source PHP-based content management system CMS. WonderCMS 3.1.3 suffers from a code issue vulnerability that stems from server-side request forgery SSRF in the addCustomThemePluginRepository function of index.php, which allows remote attackers to exploit the vulnerability to...

9.8CVSS8.9AI score0.45221EPSS
Exploits2References4
Rows per page
Query Builder