CVE-2020-29247

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-29247

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29247.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-29247

Published

2020-12-24T20:15:12.523Z

Modified

2025-11-14T11:06:11.480090Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.

References

Affected packages

Git / github.com/robiso/wondercms

Affected ranges

Type: GIT
Repo: https://github.com/robiso/wondercms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f0d74f1d7aea282864311b8b954804179b5f8a97

Affected versions

1.*

1.1.0-beta

1.2.0-beta

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.2.0

2.2.1

2.3.0

2.3.1

2.3.2

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

3.*

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.1.0

3.1.1

3.1.2

3.1.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29247.json"