CVE-2023-46054: XSS
First published: Sat Oct 21 2023(Updated: )
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wbce CMS | <=1.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-46054?
The severity of CVE-2023-46054 is medium.
How does the Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before work?
An attacker can escalate privileges by injecting a crafted script into the website_footer parameter in the admin/settings/save.php component.
Does CVE-2023-46054 affect WBCE CMS version 1.6.1?
Yes, WBCE CMS version 1.6.1 is affected by CVE-2023-46054.
Is there a fix for CVE-2023-46054?
A fix or a security update may be provided by the vendor. It is recommended to regularly check for updates and apply them as soon as they are available.
What is the Common Weakness Enumeration (CWE) of CVE-2023-46054?
The Common Weakness Enumeration (CWE) of CVE-2023-46054 is CWE-79 (Cross-Site Scripting).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wbce
- canonical/wbce cms
- version/wbce cms/1.6.1