Wbce Cms

wbce_cms

Vendor: Wbce • 40 CVEs

CVEs (40)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45036 1Wbce 1Wbce Cms Apr 25, 2025 Nov 25, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
CVE-2022-45017 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
CVE-2022-45016 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
CVE-2022-45015 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
CVE-2022-45014 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
CVE-2022-45013 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
CVE-2022-45012 1Wbce 1Wbce Cms Apr 29, 2025 Nov 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
CVE-2022-4006 1Wbce 1Wbce Cms Nov 21, 2024 Nov 15, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The m...Show more A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716.Show less
CVE-2022-30072 1Wbce 1Wbce Cms Nov 21, 2024 May 17, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
CVE-2022-30073 1Wbce 1Wbce Cms Nov 21, 2024 May 17, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
CVE-2022-28477 1Wbce 1Wbce Cms Nov 21, 2024 Apr 28, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-25101 1Wbce 1Wbce Cms Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25099 1Wbce 1Wbce Cms Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-3817 1Wbce 1Wbce Cms Nov 21, 2024 Dec 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2019-17575 1Wbce 1Wbce Cms Nov 21, 2024 Oct 14, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: pla...Show more A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.Show less
CVE-2018-6313 1Wbce 1Wbce Cms Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
CVE-2017-1000213 1Wbce 1Wbce Cms May 13, 2026 Nov 17, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
CVE-2017-2120 1Wbce 1Wbce Cms May 13, 2026 Apr 28, 2017 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-2119 1Wbce 1Wbce Cms May 13, 2026 Apr 28, 2017 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-2118 1Wbce 1Wbce Cms May 13, 2026 Apr 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Previous 12