CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53884

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.exploit-db.com/exploits/51662
https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload
https://www.webedition.org/
https://www.exploit-db.com/exploits/51662

Products affected by CVE-2023-53884

Webedition » Webedition Cms » Version: 2.9.8.8

cpe:2.3:a:webedition:webedition_cms:2.9.8.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53884

Products

Pricing

Contact Us