Antonio Díaz

15 exploits Active since Apr 2024
CVE-2024-32337 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via ADMIN LOGIN URL Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVSS 6.1
CVE-2024-32338 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via Current Page Title Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVSS 5.4
CVE-2024-32339 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Cross-Site Scripting via HOW TO Page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS 6.1
CVE-2024-32340 WRITEUP CRITICAL WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via Menu Module Website Title Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVSS 9.6
CVE-2024-32341 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Cross-Site Scripting via Home Page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS 5.4
CVE-2024-32342 WRITEUP MEDIUM WRITEUP
Boid CMS v2.1.0 - XSS
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.
CVSS 6.1
CVE-2024-32343 WRITEUP MEDIUM WRITEUP
Boid CMS v2.1.0 - XSS
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVSS 6.1
CVE-2024-32344 WRITEUP MEDIUM WRITEUP
CMSimple 5.15 - Stored Cross-Site Scripting via Edit Parameter in Language Settings
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVSS 6.8
CVE-2024-32345 WRITEUP HIGH WRITEUP
CMSimple 5.15 - Stored Cross-Site Scripting via Configuration Parameter in Language Settings
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVSS 7.2
CVE-2024-32743 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via SITE LANGUAGE CONFIG Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
CVSS 5.5
CVE-2024-32744 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via PAGE KEYWORDS Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVSS 4.6
CVE-2024-32745 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via Page Description Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
CVSS 5.9
CVE-2024-32746 WRITEUP MEDIUM WRITEUP
WonderCMS 3.4.3 - Stored Cross-Site Scripting via Menu Parameter
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.
CVSS 4.6
CVE-2024-33423 WRITEUP HIGH WRITEUP
CMSimple 5.15 - Stored Cross-Site Scripting via Logout Parameter in Settings Menu
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.
CVSS 7.4
CVE-2024-33424 WRITEUP MEDIUM WRITEUP
CMSimple 5.15 - Stored Cross-Site Scripting via Downloads Parameter in Language Settings
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.
CVSS 6.1