Wbce CMS
by Wbce
Source repositories
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29855 | 0.00 | — | 0.01 | Apr 18, 2023 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | |||
| CVE-2022-45037 | 0.00 | — | 0.01 | Nov 25, 2022 | A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | |||
| CVE-2022-45036 | 0.00 | — | 0.00 | Nov 25, 2022 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | |||
| CVE-2022-45038 | 0.00 | — | 0.01 | Nov 25, 2022 | A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | |||
| CVE-2022-45040 | 0.00 | — | 0.00 | Nov 25, 2022 | A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | |||
| CVE-2022-45013 | 0.00 | — | 0.00 | Nov 21, 2022 | A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | |||
| CVE-2022-45016 | 0.00 | — | 0.00 | Nov 21, 2022 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | |||
| CVE-2022-45012 | 0.00 | — | 0.00 | Nov 21, 2022 | A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | |||
| CVE-2022-45014 | 0.00 | — | 0.00 | Nov 21, 2022 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | |||
| CVE-2022-45015 | 0.00 | — | 0.00 | Nov 21, 2022 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. | |||
| CVE-2022-4006 | 0.00 | — | 0.01 | Nov 15, 2022 | A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to… | |||
| CVE-2022-30072 | 0.00 | — | 0.01 | May 17, 2022 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. | |||
| CVE-2022-28477 | 0.00 | — | 0.01 | Apr 28, 2022 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2022-25101 | 0.00 | — | 0.01 | Feb 23, 2022 | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
- CVE-2023-29855Apr 18, 2023risk 0.00cvss —epss 0.01
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
- CVE-2022-45037Nov 25, 2022risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
- CVE-2022-45036Nov 25, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
- CVE-2022-45038Nov 25, 2022risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
- CVE-2022-45040Nov 25, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
- CVE-2022-45013Nov 21, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
- CVE-2022-45016Nov 21, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
- CVE-2022-45012Nov 21, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
- CVE-2022-45014Nov 21, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
- CVE-2022-45015Nov 21, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
- CVE-2022-4006Nov 15, 2022risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to…
- CVE-2022-30072May 17, 2022risk 0.00cvss —epss 0.01
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
- CVE-2022-28477Apr 28, 2022risk 0.00cvss —epss 0.01
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
- CVE-2022-25101Feb 23, 2022risk 0.00cvss —epss 0.01
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
Page 2 of 2