10 matches found
CVE-2024-41305
A Server-Side Request Forgery SSRF in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2024-41304
The CVE-2024-41304 entry refers to WonderCMS v3.4.3 and reports an arbitrary file upload vulnerability in the uploadFileAction() function. A crafted SVG file can lead to arbitrary code execution on affected installations. Connected sources consistently describe the same issue without detailing ex...
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2024-32743
CVE-2024-32743 affects WonderCMS v3.4.3. A cross-site scripting (XSS) vulnerability exists in the Settings section via the SITE LANGUAGE CONFIG parameter under the Security module, allowing an attacker to execute arbitrary web scripts or HTML. Root cause is improper handling of input in the Setti...
CVE-2024-32744
WonderCMS v3.4.3 contains a cross-site scripting (XSS) vulnerability in the Settings section. The flaw allows arbitrary script/HTML execution via a payload in the PAGE KEYWORDS parameter under the CURRENT PAGE module. Public sources confirm the affected component and trigger, but none provide a p...
CVE-2024-32743
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...
CVE-2024-32744
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...
CVE-2024-32338
WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...