Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WondercmsWondercms

9 matches found

CVE
CVEadded 2020/12/30 3:15 p.m.51 views

CVE-2020-29233

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the...

5.4CVSS5.1AI score0.00136EPSS
CVE
CVEadded 2024/04/17 9:15 p.m.50 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.

5.4CVSS5.8AI score0.00145EPSS
CVE
CVEadded 2017/03/17 2:59 p.m.48 views

CVE-2014-8702

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.

5.3CVSS5.1AI score0.0029EPSS
CVE
CVEadded 2024/04/17 9:15 p.m.48 views

CVE-2024-32341

Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.

5.4CVSS6AI score0.00131EPSS
CVE
CVEadded 2020/12/30 3:15 p.m.45 views

CVE-2020-29469

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the cra...

5.4CVSS5.1AI score0.00311EPSS
CVE
CVEadded 2024/04/17 9:15 p.m.39 views

CVE-2024-32743

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.

5.5CVSS5.8AI score0.00069EPSS
CVE
CVEadded 2024/07/30 6:15 p.m.39 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.

5.4CVSS7.8AI score0.00188EPSS
CVE
CVEadded 2024/04/17 9:15 p.m.38 views

CVE-2024-32745

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.

5.9CVSS5.8AI score0.00047EPSS
CVE
CVEadded 2018/02/27 3:29 p.m.30 views

CVE-2018-7172

In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.

5.5CVSS5.3AI score0.01368EPSS