306 matches found
WonderCMS Cross-Site Scripting Vulnerability
WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...
CVE-2021-42233
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...
CVE-2021-42233
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...
CVE-2021-42233
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...
Cross site scripting
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...
CVE-2021-42233
CVE-2021-42233 describes a stored XSS vulnerability in the WonderCMS Simple Blog plugin (version 3.4.1). The issue occurs when a user views a specific blog post hosted on an attacker’s site, allowing the attacker to inject script via vulnerable blog content. The public documentation consistently ...
CVE-2021-42233
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...
Wondercms plugin Simple Blog 跨站脚本漏洞
WonderCMS is a cms. version 3.4.1 of WonderCMS contains a cross-site scripting vulnerability that can be exploited by attackers to cause XSS to occur when any user opens a specific blog hosted on their website...
WonderCMS Detection (HTTP)
HTTP based detection of WonderCMS. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.146618";...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35313
A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
CVE-2020-35313
A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
Server side request forgery (ssrf)
A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
Remote code execution
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...
CVE-2020-35313
A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
CVE-2020-35313
WonderCMS 3.1.3 is affected by a server-side request forgery (SSRF) in the addCustomThemePluginRepository function of index.php, enabling remote code execution via a crafted URL to the theme/plugin installer. Exploitation requires an authenticated session; a confirmed path in the public docs show...
WonderCMS 代码问题漏洞
WonderCMS is an open source PHP-based content management system CMS. WonderCMS 3.1.3 suffers from a code issue vulnerability that stems from server-side request forgery SSRF in the addCustomThemePluginRepository function of index.php, which allows remote attackers to exploit the vulnerability to...