Antonio Díaz

15 exploits Active since Apr 2024
CVE-2024-32337 WRITEUP MEDIUM WRITEUP
WonderCMS v3.4.3 - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVSS 6.1
CVE-2024-32338 WRITEUP MEDIUM WRITEUP
WonderCMS <3.4.3 - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVSS 5.4
CVE-2024-32339 WRITEUP MEDIUM WRITEUP
WonderCMS <3.4.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS 6.1
CVE-2024-32340 WRITEUP CRITICAL WRITEUP
WonderCMS <3.4.3 - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVSS 9.6
CVE-2024-32341 WRITEUP MEDIUM WRITEUP
WonderCMS <3.4.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS 5.4
CVE-2024-32342 WRITEUP MEDIUM WRITEUP
Boid CMS v2.1.0 - XSS
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.
CVSS 6.1
CVE-2024-32343 WRITEUP MEDIUM WRITEUP
Boid CMS v2.1.0 - XSS
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVSS 6.1
CVE-2024-32344 WRITEUP MEDIUM WRITEUP
CMSimple <5.15 - XSS
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVSS 6.8
CVE-2024-32345 WRITEUP HIGH WRITEUP
CMSimple <5.15 - XSS
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVSS 7.2
CVE-2024-32743 WRITEUP MEDIUM WRITEUP
Wondercms - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
CVSS 5.5
CVE-2024-32744 WRITEUP MEDIUM WRITEUP
Wondercms - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVSS 4.6
CVE-2024-32745 WRITEUP MEDIUM WRITEUP
Wondercms - XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
CVSS 5.9
CVE-2024-32746 WRITEUP MEDIUM WRITEUP
Wondercms - Basic XSS
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.
CVSS 4.6
CVE-2024-33423 WRITEUP HIGH WRITEUP
Cmsimple - Basic XSS
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.
CVSS 7.4
CVE-2024-33424 WRITEUP MEDIUM WRITEUP
Cmsimple - XSS
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.
CVSS 6.1