CVE-2023-53901
Severity: MEDIUM
WAF: Medium
CVSS 6.1
Published: 2025-12-16
CWE-601
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wbce | wbce_cms | 1.6.1 |
References
- wbce-cms.org (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Third Party Advisory)