Vulnerabilities > Wbce > Wbce CMS > 1.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-21 | CVE-2023-46054 | Cross-site Scripting vulnerability in Wbce CMS Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 |
| 2022-12-20 | CVE-2022-46020 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | 9.8 |
| 2022-11-25 | CVE-2022-45036 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | 5.4 |
| 2022-11-25 | CVE-2022-45037 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | 5.4 |
| 2022-11-25 | CVE-2022-45038 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | 5.4 |
| 2022-11-25 | CVE-2022-45039 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2022-11-25 | CVE-2022-45040 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | 5.4 |
| 2022-11-21 | CVE-2022-45012 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | 4.8 |
| 2022-11-21 | CVE-2022-45013 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | 4.8 |
| 2022-11-21 | CVE-2022-45014 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | 4.8 |