CVE-2023-53910

Medium CVSS: 5.1

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.

Vendor

Wbce

Product

Wbce Cms

CWE

CWE-79

Yayın Tarihi

2025-12-17 23:15:49

Güncelleme

2025-12-27 17:15:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Wbce Cms MEDIUM Wbce 2025

Referanslar

https://wbce-cms.org/ https://www.exploit-db.com/exploits/51484 https://www.vulncheck.com/advisories/wbce-cms-stored-cross-site-scripting-via-page-content https://www.exploit-db.com/exploits/51484

Benzer Kayıtlar

High

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…

Medium

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malici…

High

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to c…

High

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrator…

High

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload mali…

Critical

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged…