CVE-2023-53910

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1

Description WBCE CMS version 1.6.1 has a stored cross-site scripting issue. Authenticated attackers can inject malicious JavaScript by inserting script tags into page content using the WYSIWYG editor. Attackers can submit POST requests to the ''/wbce/modules/wysiwyg/save.php'' endpoint with malicious script content in the content parameter. This allows execution of JavaScript when users view the affected page.

Recommendations Update to a newer version of WBCE CMS that addresses this issue. As a temporary workaround, sanitize all user-supplied input before saving it to the database. Restrict access to the ''/wbce/modules/wysiwyg/save.php'' endpoint to trusted users only.