CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to a reflected XSS in the begriff POST parameter of /admin/admintools/tool.php?tool=user_search. Impact per the sources aligns with injecting/script execution in the victim’s browser and potential information tampering, though exploitation details are not provided in th...

CVE-2017-2118

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2118

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2119

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2017-2120

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

CVE-2017-2120

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

CVE-2017-2119

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Sql injection

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

Directory traversal

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2017-2119

CVE-2017-2119 : WBCE CMS versions 1.1.10 and earlier are affected by a directory traversal vulnerability (CWE-22) that allows remote attackers to read arbitrary files via unspecified vectors. The impact is local file disclosure on the server. Public fixes exist: patch WBCE CMS 1.1.3–1.1.10 is ava...

CVE-2017-2120

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors...

CVE-2017-2119

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2017-2120

WBCE CMS (versions 1.1.10 and earlier) contains an SQL injection vulnerability (CWE-89) that can be triggered by an administrator, enabling execution of arbitrary SQL commands via unspecified vectors. The issue is listed as CVE-2017-2120. A patch exists for WBCE CMS 1.1.3–1.1.10; update to a vers...

CVE-2017-2118

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2118

Technical details about CVE-2017-2118 are not publicly provided in the supplied documents. No confirmed affected versions or vectors are described here. Monitor for updates from official advisories and vendor patches.

WBCE CMS vulnerable to SQL injection

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains an SQL injection vulnerability CWE-89. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

WBCE CMS vulnerable to cross-site scripting

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...