CVE-2020-29247

MEDIUM

WonderCMS 3.1.3 - Stored Cross-Site Scripting in Admin Panel Page Keywords

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29247. PoCs published by Mayur Parmar.

AI-analyzed exploit summary This is a technical writeup describing a stored XSS vulnerability in WonderCMS 3.1.3, where an attacker can inject malicious JavaScript via the 'Page Title' parameter. The payload is stored and executed when users visit the affected page.

Description

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.

Exploits (1)

exploitdb WRITEUP
by Mayur Parmar · textwebappsphp
https://www.exploit-db.com/exploits/49102

This is a technical writeup describing a stored XSS vulnerability in WonderCMS 3.1.3, where an attacker can inject malicious JavaScript via the 'Page Title' parameter. The payload is stored and executed when users visit the affected page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WonderCMS 3.1.3
Auth required
Prerequisites: Access to the 'Simple website builder' feature in WonderCMS
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Product, Vendor Advisory x_refsource_misc
http://wondercms.com
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49102

Scores

CVSS v3 4.8
EPSS 0.0111
EPSS Percentile 61.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
wondercms/wondercms 3.1.3
Published Dec 24, 2020
Tracked Since Feb 18, 2026