PT-2025-52524 · Unknown · Websitebaker
Mirabbas Ağalarov
·
Published
2025-12-19
·
Updated
2025-12-20
·
CVE-2023-53953
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WebsiteBaker version 2.13.3
Description
An authenticated user can inject malicious scripts when creating web pages, leading to the execution of arbitrary JavaScript when a page is viewed by other users. The issue is due to a stored cross-site scripting condition that occurs when crafting malicious payloads in page titles.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all page titles to prevent the injection of malicious scripts.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Websitebaker