Lucene search
K

6 matches found

OSV
OSV
added 2021/04/20 8:15 p.m.10 views

CVE-2020-35313

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

9.8CVSS7.9AI score0.45221EPSS
Exploits2References3
Prion
Prion
added 2021/04/20 8:15 p.m.19 views

Server side request forgery (ssrf)

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

7.5CVSS9.6AI score0.45221EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2021/04/20 7:25 p.m.85 views

CVE-2020-35314

WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...

9.8CVSS9.8AI score0.26912EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2020/12/30 3:15 p.m.8 views

CVE-2020-29233

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the...

5.4CVSS5.4AI score0.01271EPSS
Exploits3References1
Prion
Prion
added 2020/12/30 3:15 p.m.24 views

Cross site scripting

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the...

3.5CVSS5.1AI score0.01371EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2020/12/24 7:22 p.m.22 views

CVE-2020-29247

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload...

4.8AI score0.00783EPSS
Exploits1References2
Rows per page
Query Builder