Vulnerabilities > Wbce > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-21 | CVE-2022-45016 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | 4.8 |
2022-11-21 | CVE-2022-45017 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | 4.8 |
2022-04-28 | CVE-2022-28477 | Cross-site Scripting vulnerability in Wbce CMS 1.5.2 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | 4.3 |
2022-02-24 | CVE-2022-25099 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. network wbce | 6.8 |
2022-02-24 | CVE-2022-25101 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. network wbce | 6.8 |
2019-10-14 | CVE-2019-17575 | Code Injection vulnerability in Wbce CMS A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. | 6.5 |
2017-04-28 | CVE-2017-2120 | SQL Injection vulnerability in Wbce CMS SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2017-04-28 | CVE-2017-2119 | Path Traversal vulnerability in Wbce CMS Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2017-04-28 | CVE-2017-2118 | Cross-site Scripting vulnerability in Wbce CMS Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |