CVE-2023-53909

Sažetak

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file.

Reference

https://wbce-cms.org/
https://www.exploit-db.com/exploits/51484
https://www.vulncheck.com/advisories/wbce-cms-svg-file-content-cross-site-scripting
https://www.exploit-db.com/exploits/51484

CVSS

Base:	5.4
Impact:	2.5
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

18-12-2025 - 15:15

Objavljeno

17-12-2025 - 23:15