Security Advisory

CVE-2023-53910

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 22:44:47
Last updated 2026-04-07 14:07:31
Assigner VulnCheck
State PUBLISHED

Description

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page.