CVE-2023-53909

Medium CVSS: 5.1

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-79

Yayın Tarihi

2025-12-17 23:15:49

Güncelleme

2025-12-27 17:15:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Wbce Cms MEDIUM Wbce 2025

Referanslar

https://wbce-cms.org/ https://www.exploit-db.com/exploits/51484 https://www.vulncheck.com/advisories/wbce-cms-svg-file-content-cross-site-scripting https://www.exploit-db.com/exploits/51484

Benzer Kayıtlar

High

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…

Medium

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to c…

High

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrator…

High

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload mali…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…