exploitDog

CVE-2020-29233

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.

Ссылки

https://www.exploit-db.com/exploits/49085
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/49085
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wondercms:wondercms:3.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6367-c2hm-87fh

github

больше 3 лет назад

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.

EPSS

Процентиль: 34%

0.00136

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79