exploitDog

CVE-2023-53901

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

Ссылки

https://wbce-cms.org/
Product
https://www.exploit-db.com/exploits/51566
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/wbce-cms-cross-site-scripting-and-open-redirect-vulnerability
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wbce:wbce_cms:1.6.1:-:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-5xp8-7cch-3599

CVSS3: 5.4

github

около 2 месяцев назад

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601