2020-12-30 16:15:00 2021-01-04 16:21:00

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Advisory Patch Confirmed Link
https://www.exploit-db.com/exploits/49085