Vulnerabilities > Wbce > Wbce CMS > 1.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-21 | CVE-2023-46054 | Cross-site Scripting vulnerability in Wbce CMS Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 |
| 2023-09-28 | CVE-2023-43871 | Cross-site Scripting vulnerability in Wbce CMS 1.6.1 A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 |
| 2023-08-03 | CVE-2023-38947 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.6.1 An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |