CVE-2022-45040

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.5.4

Description A cross-site scripting (XSS) issue in the /admin/pages/sections save.php file allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. This can lead to the execution of malicious code on the victim's browser.

Recommendations For WBCE CMS version 1.5.4, as a temporary workaround, consider restricting access to the /admin/pages/sections save.php file until a patch is available. Avoid using the Name Section field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.