CVE-2023-53901

MEDIUM 5.4

WBCE CMS 1.6.1 Cross-Site Scripting and Open Redirect Vulnerability

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

CWE	CWE-601
Vendor	unknown
Product	wbce cms
Published	Dec 16, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wbce cms

Be the first to know when new medium vulnerabilities affecting unknown wbce cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Unknown / WBCE CMS

1.6.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51566 wbce-cms.org: https://wbce-cms.org/ vulncheck.com: https://www.vulncheck.com/advisories/wbce-cms-cross-site-scripting-and-open-redirect-vulnerability

Credits

Mirabbas Ağalarov