exploitDog

CVE-2023-53910

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.

Ссылки

https://wbce-cms.org/
Product
https://www.exploit-db.com/exploits/51484
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/wbce-cms-stored-cross-site-scripting-via-page-content
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/51484
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wbce:wbce_cms:1.6.1:-:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-cp7v-fv9w-75m3

CVSS3: 5.4

github

около 2 месяцев назад

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79