340 matches found
CVE-2022-4006
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increaseattempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of...
CVE-2022-4006
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increaseattempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increaseattempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of...
CVE-2022-4006 WBCE CMS Header class.login.php increase_attempts excessive authentication
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increaseattempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of...
CVE-2022-4006 WBCE CMS Header class.login.php increase_attempts excessive authentication
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increaseattempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of...
PT-2022-25180 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS affected versions not specified Description: A problematic issue has been found in WBCE CMS, affecting the function increase attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the...
CVE-2022-4006
WBCE CMS (Header Handler) contains a vulnerability in the increase_attempts function of wbce/framework/class.login.php where manipulating X-Forwarded-For leads to insufficiently restricting excessive authentication attempts. This is a remote-auth related issue, with impact described as improper r...
WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2022-68522)
WBCE CMS is an open source content management system CMS based on PHP and MySQL. version 1.5.2 of WBCE CMS contains a cross-site scripting vulnerability that can be exploited to cause a cross-site scripting XSS attack via the \admin\pages\sectionssave.php namesection2 parameter...
WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2022-68523)
WBCE CMS is an open source content management system CMS based on PHP and MySQL. version 1.5.2 of WBCE CMS contains a cross-site scripting vulnerability that can be exploited by attackers to conduct cross-site scripting XSS attacks via /admin/users/save.php...
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...
Cross site scripting
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...
CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...
CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...
CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...
Cross site scripting
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross-Site Scripting (XSS) via the admin/pages/sections_save.php namesection2 parameter. Root cause is unvalidated input leading to script injection. No exploitation details or patch information are provided in the connected documents. Impact is described as XSS; r...
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via \admin\pages\sectionssave.php namesection2 parameters...
CVE-2022-30073
WBCE CMS 1.5.2 contains a stored Cross‑Site Scripting (XSS) vulnerability in the Display Name parameter of /admin\Users\save.php. The Nuclei template confirms the flaw as stored XSS with practical impact information: injection of malicious scripts into pages viewed by other users, potentially ena...