CVE-2020-29247

MEDIUM

WonderCMS 3.1.3 - XSS

Title source: llm

Description

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.

Exploits (1)

exploitdb WRITEUP

by Mayur Parmar · textwebappsphp

https://www.exploit-db.com/exploits/49102

View Code ZIP pw:eip

References (3)

[Product, Vendor Advisory] http://wondercms.com

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49102

[Exploit, Third Party Advisory] https://systemweakness.com/cve-2020-29247-wondercms-3-1-3-page-persistent-cross-site-scripting-3dd2bb210beb

Scores

CVSS v3 4.8

EPSS 0.0044

EPSS Percentile 63.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

wondercms/wondercms 3.1.3

Published Dec 24, 2020

Tracked Since Feb 18, 2026