WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
References
Link | Resource |
---|---|
http://wondercms.com | Product Vendor Advisory |
https://systemweakness.com/cve-2020-29247-wondercms-3-1-3-page-persistent-cross-site-scripting-3dd2bb210beb | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/49102 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-24T19:22:46
Updated: 2021-04-21T11:52:22
Reserved: 2020-11-27T00:00:00
Link: CVE-2020-29247
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-24T20:15:12.523
Modified: 2021-04-22T13:13:45.263
Link: CVE-2020-29247
JSON object: View
Redhat Information
No data.
CWE