Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4 matches found

OSV
OSVadded 2021/04/07 4:15 p.m.8 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

8.3CVSS7AI score0.00245EPSS
Exploits1References2
Prion
Prionadded 2021/04/07 3:15 p.m.16 views

Directory traversal

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

7.8CVSS8.4AI score0.01276EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2021/04/07 2:57 p.m.12 views

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

6AI score0.00283EPSS
Exploits1References2
CVE
CVEadded 2021/04/07 2:57 p.m.39 views

CVE-2020-24138

CVE-2020-24138 is a Cross Site Scripting (XSS) vulnerability in WCMS 0.3.2. The issue allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. Connected sources (Red Hat, CNVD, NVD, OSV) all describe the same flaw in WCMS 0.3.2. No concrete explo...

6.1CVSS5.9AI score0.00283EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder