Vulnerabilities > Wbce > Wbce CMS > 1.1.11

DATE CVE VULNERABILITY TITLE RISK
2023-10-21 CVE-2023-46054 Cross-site Scripting vulnerability in Wbce CMS
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
network
low complexity
wbce CWE-79
5.4
5.4
2022-11-21 CVE-2022-45012 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
network
low complexity
wbce CWE-79
4.8
4.8
2022-11-21 CVE-2022-45013 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
network
low complexity
wbce CWE-79
4.8
4.8
2022-11-21 CVE-2022-45014 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
network
low complexity
wbce CWE-79
4.8
4.8
2022-11-21 CVE-2022-45015 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
network
low complexity
wbce CWE-79
4.8
4.8
2022-11-21 CVE-2022-45016 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
network
low complexity
wbce CWE-79
4.8
4.8
2022-11-21 CVE-2022-45017 Cross-site Scripting vulnerability in Wbce CMS
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
network
low complexity
wbce CWE-79
4.8
4.8
2021-12-09 CVE-2021-3817 SQL Injection vulnerability in Wbce CMS
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
wbce CWE-89
7.5
7.5
2019-10-14 CVE-2019-17575 Code Injection vulnerability in Wbce CMS
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier.
network
low complexity
wbce CWE-94
6.5
6.5
2017-11-17 CVE-2017-1000213 Cross-site Scripting vulnerability in Wbce CMS 1.1.11
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
network
wbce CWE-79
3.5
3.5