CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component...

CVE-2023-26128

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425-wonderCMSRCE Cross Site Scripting vulnerabilit...

The vulnerability of the installModule component in the Wonder CMS content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the installModule component in the Wonder CMS content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component...

CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component...

WonderCMS Security Breach

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS versions v.3.2.0 through v.3.4.2. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted scripts uploaded to the installModule component...

CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component...

CVE-2023-41425

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component...

PT-2023-6828 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: Wonder CMS versions 3.2.0 through 3.4.2 Description: The issue is related to a Cross Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. This...

Command Injection

keep-module-latest is vulnerable to command injection. The vulnerability exists in installModule function of index.js due to improper input sanitization, which allows an attacker to inject and execute malicious commands within the target environment...

GHSA-WXRX-PC44-RCGC keep-module-latest vulnerable to Command Injection due to missing input sanitization

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

keep-module-latest vulnerable to Command Injection due to missing input sanitization

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...