Stored Cross-Site Scripting Vulnerability in WBCE CMS by WBCE
CVE-2023-53909

5.1MEDIUM

Key Information:

Vendor: Wbce-cms
Status: Wbce Cms
Vendor: CVE Published:; 17 December 2025

Badges

👾 Exploit Exists

What is CVE-2023-53909?

The WBCE CMS 1.6.1 software is impacted by a stored cross-site scripting flaw. This vulnerability enables authenticated attackers to upload malicious SVG files containing harmful JavaScript through the media manager. When users access these injected files, the embedded scripts can execute, potentially compromising user data and system integrity.

Affected Version(s)

WBCE CMS 1.6.1

References

https://www.exploit-db.com/exploits/51484

exploit

https://wbce-cms.org/

product

https://www.vulncheck.com/advisories/wbce-cms-svg-file-co...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 17, 2025
👾
Exploit known to exist
Dec 17, 2025
Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Dec 16, 2025

Credit

Mirabbas Ağalarov

JSON

Wbce-cms