PT-2025-51302 · Unknown · Webedition Cms
Mirabbas Ağalarov
·
Published
2025-12-15
·
Updated
2025-12-21
·
CVE-2023-53884
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Webedition CMS version 2.9.8.8
Description
Webedition CMS version 2.9.8.8 contains a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript through the media upload feature. When these crafted SVG files are viewed by other users, the embedded scripts are executed, allowing for arbitrary script injection. The issue involves uploading SVG files with embedded JavaScript code.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webedition Cms