PT-2018-6283 · Websitebaker · Websitebaker

Published: 2018-01-10 · Updated: 2018-02-01 · CVE-2017-16514

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WebsiteBaker version 2.10.0
Description: The issue concerns multiple stored (persistent) cross-site scripting (XSS) vulnerabilities. They are located in the files /wb/admin/admintools/tool.php, in the Droplet Description field, and /install/index.php, in the Site Title field. An attacker can store JavaScript code in these fields, and the stored code is later rendered unescaped to users in multiple areas of the application.
Recommendations: For WebsiteBaker version 2.10.0, as a temporary workaround, consider restricting access to the files /wb/admin/admintools/tool.php and /install/index.php to minimize the risk of exploitation. Avoid using the Droplet Description and Site Title fields in the affected areas until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
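The root cause of this class of bug is stored text being written into HTML without output encoding. As an added illustration that is not WebsiteBaker's own code, the PHP below shows a hypothetical unsafe render of the Site Title next to a hardened version, and an escaped render of a Droplet Description; the function names, markup and sample values are all constructed for the example.

```php
<?php
// Added example (not WebsiteBaker code): the two fields named in the advisory,
// rendered once without and once with HTML output encoding.

/**
 * Escape a stored value for insertion into HTML text or a quoted attribute.
 * ENT_QUOTES covers both ' and ", so the result is also safe inside attributes;
 * ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical vulnerable pattern: the stored Site Title is written straight into the page.
function renderTitleUnsafe(string $siteTitle): string
{
    return "<title>{$siteTitle}</title>";
}

// Hardened pattern: the same field is encoded at output time.
function renderTitleSafe(string $siteTitle): string
{
    return '<title>' . escapeHtml($siteTitle) . '</title>';
}

// Hardened Droplet Description row for an admin listing (hypothetical markup).
// The description appears both as element text and inside a quoted attribute,
// and escapeHtml() is safe for both contexts.
function renderDropletRowSafe(string $name, string $description): string
{
    $desc = escapeHtml($description);
    return '<tr><td>' . escapeHtml($name) . '</td>'
         . '<td title="' . $desc . '">' . $desc . '</td></tr>';
}

// Constructed sample values of the kind that could be stored in those fields.
$title = 'My Site</title><script>alert(1)</script>';
$desc  = 'Demo droplet" onmouseover="alert(1)';

echo renderTitleUnsafe($title), PHP_EOL;            // markup from the field lands in the page verbatim
echo renderTitleSafe($title), PHP_EOL;              // markup is rendered as literal text
echo renderDropletRowSafe('demo', $desc), PHP_EOL;  // the quote cannot close the attribute
```

Encoding must be applied at every output point, not only when the value is saved, because the same stored field is displayed in several places.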

XSS

Related Identifiers

CVE-2017-16514

Affected Products

Websitebaker