CVE-2023-53901

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1

Description WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted HTML file utilizing CSS-based keylogging techniques to intercept password characters through background image requests. The vulnerable functionality involves the uploading of HTML files, which can then execute malicious code in a user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.