Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.19 views

CVE-2024-41305

A Server-Side Request Forgery SSRF in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.1CVSS7.3AI score0.00186EPSS
Exploits1References1
NVD
NVD
added 2024/07/30 6:15 p.m.30 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

5.4CVSS0.00359EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/30 12:0 a.m.17 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

7.7AI score0.00359EPSS
Exploits1References1
CVE
CVE
added 2024/07/30 12:0 a.m.54 views

CVE-2024-41304

The CVE-2024-41304 entry refers to WonderCMS v3.4.3 and reports an arbitrary file upload vulnerability in the uploadFileAction() function. A crafted SVG file can lead to arbitrary code execution on affected installations. Connected sources consistently describe the same issue without detailing ex...

5.4CVSS7.8AI score0.00359EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/30 12:0 a.m.20 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

0.00359EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.58 views

CVE-2024-32743

CVE-2024-32743 affects WonderCMS v3.4.3. A cross-site scripting (XSS) vulnerability exists in the Settings section via the SITE LANGUAGE CONFIG parameter under the Security module, allowing an attacker to execute arbitrary web scripts or HTML. Root cause is improper handling of input in the Setti...

5.5CVSS5.8AI score0.00402EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/04/17 12:0 a.m.60 views

CVE-2024-32744

WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...

4.6CVSS5.8AI score0.00399EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.12 views

CVE-2024-32743

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...

5.8AI score0.00402EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.16 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.7AI score0.00399EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.65 views

CVE-2024-32338

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...

5.4CVSS5.8AI score0.00404EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder