CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. Vulnerabilidad de Cross Site Scripting (XSS) en WBCE CMS v.1.6.1 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro website_footer en el componente admin/settings/save.php. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-46020
https://notcve.org/view.php?id=CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. WBCE CMS v1.5.4 puede implementar getshell modificando el tipo de archivo de carga. • https://github.com/10vexh/Vulnerability/blob/main/WBCE%20CMS%20v1.5.4%20getshell.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45040
https://notcve.org/view.php?id=CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. Una vulnerabilidad de cross-site scripting (XSS) en /admin/pages/sections_save.php de WBCE CMS v1.5.4 permite a los atacantes ejecutar scrpts web o HTML de su elección a través de un payload manipulado inyectado en el campo Sección de nombre. • https://shimo.im/docs/XKq4MKmDGnsgjZkN • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45039
https://notcve.org/view.php?id=CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad de carga de archivos arbitrarios en el módulo de configuración del servidor de WBCE CMS v1.5.4 permite a los atacantes ejecutar código arbitrario a través de un archivo PHP manipulado. • https://shimo.im/docs/XKq4MKmDYDC8B1kN • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45038
https://notcve.org/view.php?id=CVE-2022-45038
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. Una vulnerabilidad de cross-site scripting(XSS) en /admin/settings/save.php de WBCE CMS v1.5.4 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el campo Pie de página del sitio web. • https://shimo.im/docs/Ee32MrJd80iEwyA2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •