First published: Thu Sep 28 2023(Updated: )
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wbce Wbce Cms | =1.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-43871 is a file upload vulnerability in WBCE v.1.6.1 that allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
The severity of CVE-2023-43871 is medium with a CVSS score of 5.4.
CVE-2023-43871 affects WBCE CMS version 1.6.1.
To fix CVE-2023-43871, update WBCE CMS to a version that is not affected by this vulnerability.
More information about CVE-2023-43871 can be found at the following link: [https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md](https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md)