PT-2023-29016 · Wbce · Wbce
Romanhu
·
Published
2023-09-28
·
Updated
2023-11-08
·
CVE-2023-43871
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WBCE version 1.6.1
Description
A File upload vulnerability allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
Recommendations
For WBCE version 1.6.1, consider restricting file uploads to prevent exploitation until a patch is available. As a temporary workaround, restrict access to file upload functionality to minimize the risk of Cross Site Scripting (XSS) attacks.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wbce