WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/49102 | Exploit Third Party Advisory VDB Entry |
http://wondercms.com | Product Vendor Advisory |
https://systemweakness.com/cve-2020-29247-wondercms-3-1-3-page-persistent-cross-site-scripting-3dd2bb210beb | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-12-24 12:15
Updated : 2021-04-22 06:13
NVD link : CVE-2020-29247
Mitre link : CVE-2020-29247
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wondercms
- wondercms