WolfCMS 0.8.3.1 Cross Site Scripting

Description: WolfCMS v0.8.3.1 and before is vulnerable to cross site scripting in User Add module for parameter Name. Impacted URL is http://yourwebserverip/wolfcms/?/admin/user/add Payload used is "TestXSS Further details: https://github.com/wolfcms/wolfcms/issues/683 Already requested for CVE,...

CVE-2018-18823

WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

CVE-2018-18824

WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

CVE-2018-18823

WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

CVE-2018-18824

WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

Cross site scripting

WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

Design/Logic Flaw

WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

CVE-2018-18824

WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

CVE-2018-18824

Affected software: WolfCMS 0.8.3.1. Vulnerability: Stored/reflected XSS via an SVG file to /?/admin/plugin/file_manager/browse/ as described in CVE-2018-18824. Root cause / details: Not explicitly stated beyond the XSS vector in the provided documents. Impact (as stated): XSS could affect the adm...

CVE-2018-18823

CVE-2018-18823 affects WolfCMS 0.8.3.1 and is an XSS vulnerability that can be triggered by an SVG file reaching the /?\u002fadmin/uploader? or similarly routed path via the file manager browse endpoint. The connected sources confirm the existence of an XSS condition in WolfCMS 0.8.3.1 when acces...

CVE-2018-18823

WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...

Code injection

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

CVE-2018-15842

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

CVE-2018-15842

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

CVE-2018-15842

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

CVE-2018-15842

WolfCMS 0.8.3.1 is affected by a Cross-Site Scripting (XSS) vulnerability triggered by the slug parameter in the /?/admin/page/add path. The root cause is inadequate filtering of the slug parameter, allowing injection and execution of JavaScript. Public references (NVD/CNVD/OSV, among others) con...

WolfCMS 0.8.3.1 Open Redirect

Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.z...

WolfCMS 0.8.3.1 - Cross-Site Request Forgery

WolfCMS 0.8.3.1 - Cross-Site Request Forgery Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category:...

WolfCMS 0.8.3.1 - Open Redirection

WolfCMS 0.8.3.1 - Open Redirection Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...

WolfCMS Open Redirect Vulnerability

WolfCMS is a PHP-based open source content management system CMS developed by the Wolf CMS team. The system provides user interface , templates , user management and rights management and other functions . An open redirection vulnerability exists in the login feature in WolfCMS version 0.8.3.1. A...