CVE-2014-8702
https://notcve.org/view.php?id=CVE-2014-8702
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.
• http://rossmarks.uk/portfolio.php
• http://rossmarks.uk/whitepapers/wonder_cms_2014.txt
• http://www.securityfocus.com/bid/97192
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-5317
https://notcve.org/view.php?id=CVE-2011-5317
Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
• https://www.htbridge.com/advisory/HTB22759
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')