Vulnerabilities > Wbce > Wbce CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-21 | CVE-2023-46054 | Cross-site Scripting vulnerability in Wbce CMS Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 |
| 2023-09-28 | CVE-2023-43871 | Cross-site Scripting vulnerability in Wbce CMS 1.6.1 A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 |
| 2022-11-25 | CVE-2022-45036 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | 5.4 |
| 2022-11-25 | CVE-2022-45037 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | 5.4 |
| 2022-11-25 | CVE-2022-45038 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | 5.4 |
| 2022-11-25 | CVE-2022-45040 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | 5.4 |
| 2022-11-21 | CVE-2022-45012 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | 4.8 |
| 2022-11-21 | CVE-2022-45013 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | 4.8 |
| 2022-11-21 | CVE-2022-45014 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | 4.8 |
| 2022-11-21 | CVE-2022-45015 | Cross-site Scripting vulnerability in Wbce CMS A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. | 4.8 |