Wbce-Cms Wbce Cms vulnerabilities
2 known vulnerabilities affecting wbce-cms/wbce_cms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-53909P4MEDIUMCVSS 5.4v1.6.12025-12-17
CVE-2023-53909 [MEDIUM] CWE-79 CVE-2023-53909: WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attack
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims acce
nvd
CVE-2023-53910P4MEDIUMCVSS 5.4v1.6.12025-12-17
CVE-2023-53910 [MEDIUM] CWE-79 CVE-2023-53910: WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attack
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript
nvd