cbcvebase.

Wbce Cms vulnerabilities

39 known vulnerabilities affecting wbce/wbce_cms.

Total CVEs
39
CISA KEV
0
Public exploits
6
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH14MEDIUM21

Vulnerabilities

Page 2 of 2
CVE-2022-25101P3HIGHCVSS 7.8v1.5.22022-02-24
CVE-2022-25101 [HIGH] CVE-2022-25101: A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execu A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
nvd
CVE-2023-53909P4MEDIUMCVSS 5.4v1.6.12025-12-17
CVE-2023-53909 [MEDIUM] CWE-79 CVE-2023-53909: WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attack WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims acce
nvd
CVE-2023-53901P4MEDIUMCVSS 6.1v1.6.12025-12-16
CVE-2023-53901 [MEDIUM] CWE-601 CVE-2023-53901: WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicio WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.
nvd
CVE-2023-53910P4MEDIUMCVSS 5.4v1.6.12025-12-17
CVE-2023-53910 [MEDIUM] CWE-79 CVE-2023-53910: WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attack WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript
nvd
CVE-2023-43871P4MEDIUMCVSS 5.4v1.6.12023-09-28
CVE-2023-43871 [MEDIUM] CWE-79 CVE-2023-43871: A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
nvd
CVE-2017-2118P4MEDIUMCVSS 6.1≤ 1.1.102017-04-28
CVE-2017-2118 [MEDIUM] CWE-79 CVE-2017-2118: Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2022-28477P4MEDIUMCVSS 6.1v1.5.22022-04-28
CVE-2022-28477 [MEDIUM] CWE-79 CVE-2022-28477: WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
nvd
CVE-2022-30072P4MEDIUMCVSS 5.4v1.5.22022-05-17
CVE-2022-30072 [MEDIUM] CWE-79 CVE-2022-30072: WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namese WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
nvd
CVE-2023-46054P4MEDIUMCVSS 5.4≤ 1.6.12023-10-21
CVE-2023-46054 [MEDIUM] CWE-79 CVE-2023-46054: Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
nvd
CVE-2022-45040P4MEDIUMCVSS 5.4v1.5.42022-11-25
CVE-2022-45040 [MEDIUM] CWE-79 CVE-2022-45040: A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allo A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
nvd
CVE-2022-45036P4MEDIUMCVSS 5.4v1.5.42022-11-25
CVE-2022-45036 [MEDIUM] CWE-79 CVE-2022-45036: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
nvd
CVE-2018-6313P4MEDIUMCVSS 4.8v1.3.12018-01-25
CVE-2018-6313 [MEDIUM] CVE-2018-6313: Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject ar Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
nvd
CVE-2017-1000213P4MEDIUMCVSS 4.8v1.1.112017-11-17
CVE-2017-1000213 [MEDIUM] CWE-79 CVE-2017-1000213: WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/to WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
nvd
CVE-2022-45017P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45017 [MEDIUM] CWE-79 CVE-2022-45017: A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 a A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
nvd
CVE-2022-45012P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45012 [MEDIUM] CWE-79 CVE-2022-45012: A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attac A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
nvd
CVE-2022-45016P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45016 [MEDIUM] CWE-79 CVE-2022-45016: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
nvd
CVE-2022-45014P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45014 [MEDIUM] CWE-79 CVE-2022-45014: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
nvd
CVE-2022-45015P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45015 [MEDIUM] CWE-79 CVE-2022-45015: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
nvd
CVE-2022-45013P4MEDIUMCVSS 4.8≤ 1.5.42022-11-21
CVE-2022-45013 [MEDIUM] CWE-79 CVE-2022-45013: A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 all A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
nvd
Wbce Cms vulnerabilities | cvebase