CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. Vulnerabilidad de Cross Site Scripting (XSS) en WBCE CMS v.1.6.1 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro website_footer en el componente admin/settings/save.php. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43871
https://notcve.org/view.php?id=CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Vulnerabilidad de carga de archivos en WBCE v.1.6.1 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto. • https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media/blob/main/README.md https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38947
https://notcve.org/view.php?id=CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. • https://gitee.com/CTF-hacker/pwn/issues/I7LH2N https://github.com/capture0x/WBCE_CMS https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-616: Incomplete Identification of Uploaded File Variables (PHP) •