171 matches found
CVE-2021-47788
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code executi...
websitebaker security vulnerabilities
WebsiteBaker is a PHP-based content management system developed by the WebsiteBaker organization. Its features include a template-based front-end interface, pagination support, and multi-user management capabilities. Version 2.13.0 of WebsiteBaker contains a security vulnerability; this vulnerability...
CVE-2021-47788 WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code executi...
CVE-2021-47788
WebsiteBaker 2.13.0 is affected by an authenticated remote code execution (RCE) vulnerability. The issue arises when users with language editing rights manipulate parameters in the language installation endpoint, allowing remote code execution on the server. No fix version is provided in the conn...
PT-2026-3160
Name of the Vulnerable Software and Affected Versions: WebsiteBaker version 2.13.0. Description: WebsiteBaker version 2.13.0 has a flaw that permits authenticated users with language editing rights to execute code remotely. This is possible through manipulation of parameters within the language...
CVE-2023-53953
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...
EUVD-2025-204598
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...
CVE-2023-53953
CVE-2023-53953 affects WebsiteBaker 2.13.3. A stored XSS vulnerability allows an authenticated user to inject malicious scripts via page titles when creating web pages, which can execute for other viewers. Root cause: improper handling of user-supplied input in page title fields leading to script...
CVE-2023-53953 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...
websitebaker cross-site scripting vulnerability
WebsiteBaker is a PHP-based content management system developed by the WebsiteBaker organization. Its features include a template-based front-end interface, pagination support, multi-user management, and more. A cross-site scripting vulnerability exists in WebsiteBaker version 2.13.3, which stems from a stored...
PT-2025-52524
Name of the Vulnerable Software and Affected Versions: WebsiteBaker version 2.13.3. Description: An authenticated user can inject malicious scripts when creating web pages, leading to the execution of arbitrary JavaScript when a page is viewed by other users. The issue is due to a stored cross-site...
CVE-2023-53903
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...
CVE-2023-53902
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside t...