CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
21 Oct 2023 — Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45012
https://notcve.org/view.php?id=CVE-2022-45012
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45013
https://notcve.org/view.php?id=CVE-2022-45013
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45014
https://notcve.org/view.php?id=CVE-2022-45014
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45015
https://notcve.org/view.php?id=CVE-2022-45015
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45016
https://notcve.org/view.php?id=CVE-2022-45016
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45017
https://notcve.org/view.php?id=CVE-2022-45017
21 Nov 2022 — A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. • https://github.com/WBCE/WBCE_CMS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3817 – SQL Injection in wbce/wbce_cms
https://notcve.org/view.php?id=CVE-2021-3817
09 Dec 2021 — wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. WBCE CMS versions 1.5.1 and below suffer from an administrative password reset vulnerability. • https://www.exploit-db.com/exploits/50609 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-17575
https://notcve.org/view.php?id=CVE-2019-17575
14 Oct 2019 — A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) As a result, remote attackers can execute arbitrary PHP code. • https://github.com/kbgsft/vuln-wbce/wiki/Arbitrary-file-upload-vulnerbility-in-WBCE-CMS-1.4.0 • CWE-706: Use of Incorrectly-Resolved Name or Reference
CVE-2017-1000213
https://notcve.org/view.php?id=CVE-2017-1000213
17 Nov 2017 — WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. • https://github.com/WBCE/WBCE_CMS/commit/0da620016aec17ac2d2f3a22c55ab8c2b55e691e#diff-7b380285e285160d0070863099baabe0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')