Multiple Cross-Site Scripting Vulnerabilities in WebsiteBaker by WebsiteBaker
CVE-2014-9243

Currently unrated

Key Information:

Vendor: Websitebaker
Status: Websitebaker
Vendor: CVE Published:; 3 December 2014

🔔 Create Websitebaker Vulnerability Alert

What is CVE-2014-9243?

Multiple cross-site scripting (XSS) vulnerabilities within WebsiteBaker version 2.8.3 enable remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through the QUERY_STRING parameter to wb/admin/admintools/tool.php, or via the section_id parameter in edit_module_files.php. Additionally, critical entry points include news/add_post.php, news/modify_group.php, news/modify_post.php, and news/modify_settings.php, all found within wb/modules/. As a result, untrusted inputs can lead to unauthorized scripts being executed in the context of users accessing the affected components.

References

http://packetstormsecurity.com/files/129140/WebsiteBaker-...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Nov/44

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 3, 2014

JSON