340 matches found
WBCE CMS 跨站脚本漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS v1.5.4 and its previous versions exist cross-site scripting vulnerability, the vulnerability stems from the Search Settings module in the Results Header field of the user-supplied data lack of effective...
WBCE CMS Access Control Error Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from an Access Control Error vulnerability that stems from the increaseattempts function in the wbce/framework/class.login.php file in its Header Handler component not appropriately restricting too...
PT-2022-27372 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Overview Page settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. This enables the...
CVE-2022-45012
A cross-site scripting XSS vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...
PT-2022-27369 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. Recommendations: For WB...
CVE-2022-45017
A cross-site scripting XSS vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field...
PT-2022-27367 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Modify Page module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. Recommendations: For WBCE CMS versi...
CVE-2022-45015
WBCE CMS v1.5.4 is affected by a cross-site scripting (XSS) vulnerability in the Search Settings module, exploitable via a crafted payload in the Results Footer field. The root cause is lack of proper filtering/escaping in user-supplied data in that field. Consequences stated include arbitrary we...
CVE-2022-45013
WBCE CMS v1.5.4 contains a cross-site scripting (XSS) vulnerability in the Show Advanced Option module, exploitable via the Section Header field where user-supplied data is not properly filtered/escaped. This can allow an attacker to inject arbitrary web scripts or HTML when crafting input in tha...
CVE-2022-45016
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field...
CVE-2022-45014
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field...
CVE-2022-45015
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...
PT-2022-27371 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. Recommendations: For WBCE CMS...
WBCE CMS 跨站脚本漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS v1.5.4 and its previous versions exist cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the Source field in the Modify Pa...
CVE-2022-45012
The CVE-2022-45012 issue affects WBCE CMS v1.5.4 in the Modify Page module, where the Source field lacks proper filtering/escaping, enabling cross-site scripting (XSS) by injecting arbitrary scripts/HTML. The vulnerability is caused by insufficient data validation in the Source field, as describe...
CVE-2022-45013
A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...
CVE-2022-45012
A cross-site scripting XSS vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...
CVE-2022-45013
A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...
CVE-2022-45016
CVE-2022-45016 describes a cross-site scripting (XSS) vulnerability in WBCE CMS, specifically in the Search Settings module for version 1.5.4, where attacker-controlled data in the Footer field can inject arbitrary scripts/HTML. The core issue is lack of proper filtering/escaping of user-supplied...
CVE-2022-45017
A cross-site scripting XSS vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field...