CVE-2023-53903

Medium CVSS: 5.1

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.

Vendor

Websitebaker

Product

Websitebaker

CWE

CWE-79

Yayın Tarihi

2025-12-16 17:16:02

Güncelleme

2025-12-24 17:54:34

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Websitebaker MEDIUM Websitebaker 2025

Referanslar

https://websitebaker.org/pages/en/home.php https://www.exploit-db.com/exploits/51553 https://www.vulncheck.com/advisories/websitebaker-stored-cross-site-scripting-via-svg-file-upload

Benzer Kayıtlar

High

CVE-2021-47788

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editin…

Medium

CVE-2023-53953

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malic…

High

CVE-2023-53902

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary…