Vulnerabilities > Wbce > Wbce CMS > 1.5.4

DATE CVE VULNERABILITY TITLE RISK
2023-10-21 CVE-2023-46054 Cross-site Scripting vulnerability in Wbce CMS
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
network
low complexity
wbce CWE-79
5.4
5.4
2022-12-20 CVE-2022-46020 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
network
low complexity
wbce CWE-434
critical
 9.8
9.8
2022-11-25 CVE-2022-45036 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
network
low complexity
wbce CWE-79
5.4
5.4
2022-11-25 CVE-2022-45037 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
network
low complexity
wbce CWE-79
5.4
5.4
2022-11-25 CVE-2022-45038 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
network
low complexity
wbce CWE-79
5.4
5.4
2022-11-25 CVE-2022-45039 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
wbce CWE-434
7.2
7.2
2022-11-25 CVE-2022-45040 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
network
low complexity
wbce CWE-79
5.4
5.4