adiapera/xss_current_page_wondercms_3.4.3

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-32338 ↗	Apr 17, 2024Wednesday, 17 April 2024, 21:15	5.4 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVE-2024-32744 ↗	Apr 17, 2024Wednesday, 17 April 2024, 21:15	4.6 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVE-2024-32745 ↗	Apr 17, 2024Wednesday, 17 April 2024, 21:15	5.9 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.