42 matches found
CVE-2024-41305
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2022-43321
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php...
PYSEC-2025-115
NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities...
CVE-2024-55030
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2024-41304
The CVE-2024-41304 entry refers to WonderCMS v3.4.3 and reports an arbitrary file upload vulnerability in the uploadFileAction() function. A crafted SVG file can lead to arbitrary code execution on affected installations. Connected sources consistently describe the same issue without detailing ex...
CVE-2024-41305
WonderCMS v3.4.3 contains a Server-Side Request Forgery (SSRF) in the Plugins Page disclosed across multiple sources. The vulnerability arises from unvalidated input in the pluginThemeUrl parameter, enabling an attacker to coerce the application into making arbitrary outgoing requests. Impact det...
CVE-2024-32744
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...
CVE-2024-32743
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...
CVE-2024-32338
WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...
CVE-2024-32743
CVE-2024-32743 affects WonderCMS v3.4.3. A cross-site scripting (XSS) vulnerability exists in the Settings section via the SITE LANGUAGE CONFIG parameter under the Security module, allowing an attacker to execute arbitrary web scripts or HTML. Root cause is improper handling of input in the Setti...
CVE-2024-32744
WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...
GHSA-G5CJ-5H58-J93W Jeecg-boot vulnerable to SQL Injection
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check...
GHSA-V87Q-RPWP-QR7Q Jeecg-boot vulnerable to SQL Injection
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin...
CVE-2022-45210
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin...
CVE-2022-45207
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString...