CVE-2022-45038
published 2022-11-25CVE-2022-45038: A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a…
PriorityP427medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
1.02%
59.2th percentile
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wbce | wbce_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
nuclei·CVSS 5.4
CVE-2022-45038 [MEDIUM] WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
Template:
id: CVE-2022-45038
info:
name: WBCE CMS v1.5.4 - Cross Site Scripting (Stored)
author: theamanrawat
severity: medium
description: |
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijac
No writeups or analysis indexed.
2022-11-25
Published