Description
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hemant Patidar · textwebappsphp
https://www.exploit-db.com/exploits/49085
Scores
CVSS v3
5.4
EPSS
0.0042
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
wondercms/wondercms
3.1.3
Published
Dec 30, 2020
Tracked Since
Feb 18, 2026