4 matches found
CVE-2023-53884
Webedition CMS v2.9.8.8 is affected by a stored cross-site scripting vulnerability that allows authenticated users to upload SVG files containing JavaScript via the media upload feature. When these crafted SVGs are viewed by other users, the embedded scripts can be executed, enabling arbitrary sc...
PT-2025-51301
Name of the Vulnerable Software and Affected Versions Webedition CMS version 2.9.8.8 Description Webedition CMS version 2.9.8.8 has a flaw that permits authenticated attackers to execute system commands remotely. This is achieved by creating a new PHP page and inserting malicious system commands...
CVE-2024-28418
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/wecmd.php...
PT-2024-22422 · Unknown · Webedition Cms
Name of the Vulnerable Software and Affected Versions: Webedition CMS version 9.2.2.0 Description: The issue is a Stored XSS vulnerability. It can be exploited via the "/webEdition/we cmd.php" API endpoint. Recommendations: For Webedition CMS version 9.2.2.0, as a temporary workaround, consider...