Page 5 of 22 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. Wonder CMS 2014 permite a atacantes remotos obtener información sensible iniciando sesión en la aplicación con una matriz para la contraseña, lo que revela la ruta de instalación en un mensaje de error. • http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt http://www.securityfocus.com/bid/97192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. Vulnerabilidad de XSS en editText.php en WonderCMS anterior a 0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro content. • https://www.htbridge.com/advisory/HTB22759 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •