PT-2022-27381 · Wbce Cms · Wbce Cms
Published
2022-11-25
·
Updated
2022-11-28
·
CVE-2022-45036
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WBCE CMS version 1.5.4
Description
A cross-site scripting (XSS) issue in the Search Settings module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
No Results field.Recommendations
For WBCE CMS version 1.5.4, consider disabling the Search Settings module until a patch is available. Restrict access to the No Results field to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wbce Cms