Lucene search
K

13 matches found

NVD
NVD
added 2024/04/17 9:15 p.m.10 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

4.6CVSS5.6AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2024/04/17 9:15 p.m.10 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

4.6CVSS5.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-24822 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT...

4.6CVSS6AI score0.00399EPSS
Exploits1References7
CVE
CVE
added 2024/04/17 12:0 a.m.58 views

CVE-2024-32744

WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...

4.6CVSS5.8AI score0.00399EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.14 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.8AI score0.00399EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.15 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.7AI score0.00399EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.3 views

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting XSS vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...

4.6CVSS5.8AI score0.00399EPSS
Exploits1References2
CNVD
CNVD
added 2020/12/25 12:0 a.m.3 views

WonderCMS Cross-Site Scripting Vulnerability

WonderCMS is an open source, fast, small and simple flat file cms. A cross-site scripting vulnerability exists in the "Admin Panel" of WonderCMS 3.1.3. The vulnerability can be exploited to steal cookies via page keywords...

4.8CVSS6.3AI score0.01106EPSS
Exploits1References1
OSV
OSV
added 2020/12/24 8:15 p.m.14 views

CVE-2020-29247

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload...

4.8CVSS5.2AI score0.01106EPSS
Exploits1References3
CNNVD
CNNVD
added 2020/12/24 12:0 a.m.6 views

WonderCMS 跨站脚本漏洞

WonderCMS is an open source, fast, small and simple flat file cms. A cross-site scripting vulnerability exists in the "Admin Panel" of WonderCMS 3.1.3. The vulnerability can be exploited to steal cookies via page keywords...

4.8CVSS5.6AI score0.01106EPSS
Exploits1References4
OSV
OSV
added 2018/12/31 3:29 p.m.4 views

CVE-2018-19905

HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...

5.4CVSS5.8AI score0.00667EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/31 3:0 p.m.12 views

CVE-2018-19905

HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...

5.7AI score0.00667EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.2 views

razorCMS Settings Component Cross-Site Scripting Vulnerability

razorCMS is an open source content management system written in PHP, which stores all data in flat files, so there is no need to install a database. A cross-site scripting vulnerability exists in the Settings component of razorCMS version 3.4.7, which can be exploited by a remote attacker to...

5.4CVSS5.5AI score0.0058EPSS
Exploits1References1
Rows per page
Query Builder