
adiapera/xss_current_page_wondercms_3.4.3


XSS in WonderCMS 3.4.3 (SETTINGS -> CURRENT PAGE)

Software link: WonderCMS 3.4.3 [https://www.wondercms.com/download]

@author: Antonio Díaz.

Description: A cross-site scripting (XSS) vulnerability in CURRENT PAGE of the SETTINGS section of WonderCMS 3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of several fields: 'PAGE TITLE', 'PAGE KEYWORDS' and/or 'PAGE DESCRIPTION'.

CVE: CVE-2024-32338, CVE-2024-32744 and CVE-2024-32745.

PoC

PAGE TITLE (CVE-2024-32338)

  1. Go to Current Page in the SETTINGS section of the site and set the payload in 'PAGE TITLE':

image

  2. Click anywhere outside the field to save:

image image

PAGE KEYWORDS (CVE-2024-32744)

  1. Go to Current Page in the SETTINGS section of the site and set the payload in 'PAGE KEYWORDS':

image

  2. Click anywhere outside the field to save:

image image

PAGE DESCRIPTION (CVE-2024-32745)

  1. Go to Current Page in the SETTINGS section of the site and set the payload in 'PAGE DESCRIPTION':

image

  2. Click anywhere outside the field to save:

image image
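
Mitigation example (added here; this is not WonderCMS code and not part of the original advisory): the three fields above are saved and later written back into HTML, so the values need context-appropriate encoding at output. The function names and the `$page` array keys are assumptions, and the sample values are constructed, harmless markup.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a WonderCMS function): encode a stored value for
// use as HTML text or inside a quoted attribute.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Unsafe pattern: stored values are concatenated into the markup as-is, so
// any tag or quote saved in a field becomes part of the page structure.
function renderHeadUnsafe(array $page): string
{
    return '<title>' . $page['title'] . "</title>\n"
        . '<meta name="keywords" content="' . $page['keywords'] . "\">\n"
        . '<meta name="description" content="' . $page['description'] . "\">\n";
}

// Hardened pattern: every stored value is encoded at the point of output,
// so it can only ever be rendered as text or as an attribute value.
function renderHeadSafe(array $page): string
{
    return '<title>' . esc($page['title']) . "</title>\n"
        . '<meta name="keywords" content="' . esc($page['keywords']) . "\">\n"
        . '<meta name="description" content="' . esc($page['description']) . "\">\n";
}

// Constructed sample record; the keys mirror the three affected fields
// (assumed names, not taken from the WonderCMS source).
$page = [
    'title'       => 'Home</title><b>injected</b>',
    'keywords'    => 'cms, "><b>injected</b>',
    'description' => "About 'us' & more",
];

echo "--- unsafe ---\n", renderHeadUnsafe($page);
echo "--- safe ---\n", renderHeadSafe($page);

// Regression check: no raw tag from the stored values survives encoding.
$safe = renderHeadSafe($page);
if (strpos($safe, '<b>') !== false || strpos($safe, '"><') !== false) {
    throw new RuntimeException('stored markup reached the output unencoded');
}
```

The same encoding applies wherever these values are echoed back, including the value of the settings form field itself.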
