CVE-2023-53901

High CVSS: 7.1

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-601

Yayın Tarihi

2025-12-16 17:16:02

Güncelleme

2025-12-30 18:41:08

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-601 Wbce Cms HIGH Wbce 2025

Referanslar

https://wbce-cms.org/ https://www.exploit-db.com/exploits/51566 https://www.vulncheck.com/advisories/wbce-cms-cross-site-scripting-and-open-redirect-vulnerability

Benzer Kayıtlar

High

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…

Medium

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

Medium

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrator…

High

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload mali…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…