16 matches found
CVE-2018-8813
CVE-2018-8813 describes an open redirect vulnerability in WolfCMS 0.8.3.1, where the login[redirect] parameter in the login functionality can be exploited to redirect users to arbitrary external sites, enabling phishing scenarios. The connected documents consistently confirm the affected product/...
CVE-2019-25070
CVE-2019-25070 affects WolfCMS up to version 0.8.3.1 in the User Add path (/wolfcms/?/admin/user/add). The vulnerability arises from improper handling of the name parameter, enabling basic cross-site scripting (XSS). Exploitation can be remote and public disclosures exist. Several connected sourc...
CVE-2018-8814
WolfCMS 0.8.3.1 is affected by CVE-2018-8814: a Cross-site request forgery (CSRF) vulnerability that allows an attacker to hijack user authentication for requests that modify plugin/[pluginname]/settings. The issue arises in WolfCMS before 0.8.3.1 and can be triggered by crafting malicious reques...
CVE-2015-6568
Wolf CMS before 0.8.3.1 is vulnerable to an unrestricted file upload that allows changing a file’s extension to .php via admin/plugin/file_manager/browse/, enabling PHP code execution. Exploitation requires a registered user with upload access. The issue is addressed in Wolf CMS 0.8.3.1 (release ...
CVE-2018-18823
CVE-2018-18823 affects WolfCMS 0.8.3.1 and is an XSS vulnerability that can be triggered by an SVG file reaching the /?/admin/uploader? or similarly routed path via the file manager browse endpoint. The connected sources confirm the existence of an XSS condition in WolfCMS 0.8.3.1 when acces...
CVE-2015-6567
CVE-2015-6567 affects Wolf CMS prior to 0.8.3.1. The vulnerability arises in admin/plugin/file_manager/browse (the file manager) where the filename parameter is not properly validated, enabling an authenticated user with upload rights to upload arbitrary files and potentially execute PHP code on ...
CVE-2012-1897
CVE-2012-1897 affects Wolf CMS 0.75 and earlier. The issue is multiple cross-site request forgery (CSRF) vulnerabilities in the admin interface that allow remote attackers to hijack administrator authentication to perform actions such as (1) deleting users by user id (admin/user/delete), (2) dele...
CVE-2017-11611
CVE-2017-11611 affects Wolf CMS 0.8.3.1. The flaw is an XSS vulnerability arising from insufficient sanitization of user-supplied names in the file manager: specifically the file name in the create-file-popup action and the directory name in the create-directory-popup action, transmitted via HTTP...
CVE-2018-18824
Affected software: WolfCMS 0.8.3.1. Vulnerability: Stored/reflected XSS via an SVG file to /?/admin/plugin/file_manager/browse/ as described in CVE-2018-18824. Root cause / details: Not explicitly stated beyond the XSS vector in the provided documents. Impact (as stated): XSS could affect the adm...
CVE-2018-6890
Wolf CMS 0.8.3.1 is affected by a Cross-Site Scripting (XSS) vulnerability via the page editing feature (/?/admin/page/edit/3). The issue is documented in CVE-2018-6890 with both NVD and CNVD entries confirming an XSS flaw in Wolf CMS 0.8.3.1. The connected sources corroborate that the vulnerabil...
CVE-2018-14837
CVE-2018-14837 — Wolf CMS 0.8.3.1 is confirmed to have a cross-site scripting (XSS) vulnerability in the Snippets tab, demonstrated via the /admin/snippet/edit/1 URI. The linked documents consistently describe the affected product and characterize the issue as an XSS flaw; no explicit root-cause details,...
CVE-2019-10646
CVE-2019-10646 affects Wolf CMS v0.8.3.1 with a reflected/stored XSS in the Add Snippet module (/?/admin/snippet/add). An attacker can inject arbitrary JavaScript as user input, which executes when the affected snippet loads. This vulnerability is confirmed by multiple sources in the connected do...
CVE-2018-1000084
WolfCMS 0.8.3.1 contains a stored XSS vulnerability in the Layout Name field (Layout tab). The underlying issue allows a low-privilege user to steal an admin’s cookies and compromise the administrator account. The attack is described as exploitable by entering JavaScript code into the Layout Name...
CVE-2018-1000087
CVE-2018-1000087 – WolfCMS 0.8.3.1 has a reflected cross-site scripting vulnerability in the input boxes for “Create New File” and “Create New Directory” on the File tab. According to the connected sources, unsanitized input reflects back in the browser, enabling an attacker to inject JavaScript....
CVE-2018-15842
WolfCMS 0.8.3.1 is affected by a Cross-Site Scripting (XSS) vulnerability triggered by the slug parameter in the /?/admin/page/add path. The root cause is inadequate filtering of the slug parameter, allowing injection and execution of JavaScript. Public references (NVD/CNVD/OSV, among others) con...
CVE-2012-1932
CVE-2012-1932 is an XSS vulnerability in Wolf CMS 0.75 and earlier. The issue allows an attacker to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. Public references in the connected records confirm the affected software/component and the faulty input ...