WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/49085 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-30T14:48:01
Updated: 2020-12-30T14:48:01
Reserved: 2020-11-27T00:00:00
Link: CVE-2020-29233
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-30T15:15:12.480
Modified: 2021-01-04T15:21:38.630
Link: CVE-2020-29233
JSON object: View
Redhat Information
No data.
CWE