Filtered by vendor Wondercms Subscriptions
Filtered by product Wondercms Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-29233 1 Wondercms 1 Wondercms 2024-08-04 5.4 Medium
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.
CVE-2021-42233 2 Simple Blog Project, Wondercms 2 Simple Blog, Wondercms 2024-08-04 5.4 Medium
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur.
CVE-2022-43332 1 Wondercms 1 Wondercms 2024-08-03 6.1 Medium
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.
CVE-2024-32337 1 Wondercms 1 Wondercms 2024-08-02 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVE-2024-32339 1 Wondercms 1 Wondercms 2024-08-02 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVE-2024-32338 1 Wondercms 1 Wondercms 2024-08-02 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.