Filtered by vendor Wondercms
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-29233 | 1 Wondercms | 1 Wondercms | 2024-08-04 | 5.4 Medium |
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload. | ||||
CVE-2021-42233 | 2 Simple Blog Project, Wondercms | 2 Simple Blog, Wondercms | 2024-08-04 | 5.4 Medium |
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur. | ||||
CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2024-08-03 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | ||||
CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | ||||
CVE-2024-32339 | 1 Wondercms | 1 Wondercms | 2024-08-02 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | ||||
CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2024-08-02 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. |