CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-45037

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field...

CVE-2022-45038

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

CVE-2022-45038

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

Cross site scripting

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...

Cross site scripting

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

Cross site scripting

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-45038

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...

CVE-2022-45037

WBCE CMS v1.5.4 contains a stored cross-site scripting (XSS) vulnerability in /admin/users/index.php. The issue allows an attacker to inject arbitrary web scripts or HTML via the Display Name field, potentially leading to execution in pages viewed by other users. Nuclei templates label this as St...

CVE-2022-45038

WBCE CMS v1.5.4 suffers a stored XSS in /admin/settings/save.php, exploitable via a crafted payload in the Website Footer field. Impact described: arbitrary script execution in users' browsers, with risks such as data theft, session hijacking, or page defacement. Affected component: admin/setting...

CVE-2022-45039

WBCE CMS 1.5.4 is affected in the Server Settings module by an arbitrary file upload vulnerability that enables remote code execution through a crafted PHP file. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and high impact on confidentiality, integrity, and av...

CVE-2022-45040

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

PT-2022-27384 · Wbce Cms · Wbce Cms

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: An arbitrary file upload vulnerability in the Server Settings module allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For WBCE CMS version 1.5.4, consider disabling the fi...

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

CVE-2022-45040

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

CVE-2022-45036

WBCE CMS 1.5.4 contains an XSS in the Search Settings module, exploitable via a crafted payload in the No Results field. The vulnerability can lead to execution of arbitrary scripts/HTML in affected pages. Current documents do not provide a remediation or patch details; no exploit status is speci...

WBCE CMS 跨站脚本漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which originates from a cross-site scripting XSS vulnerability in /admin/users/index.php. An attacker can exploit this vulnerability to execute arbitrary web script...