CVE-2017-16514

2018-01-1017:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.4%

JSON

Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.

References

gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a