Shodan
Vulnerabilities
Vulnerable Software
Wondercms:  >> Wondercms  Security Vulnerabilities
CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-30
CVE-2024-41305
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
CVSS Score
4.7
EPSS Score
0.0
Published
2024-07-30
CVE-2024-32337
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-04-17
CVE-2024-32338
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32339
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32340
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32341
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32743
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-04-17
CVE-2024-32744
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVSS Score
4.6
EPSS Score
0.0
Published
2024-04-17
CVE-2024-32745
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-04-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved