CVE-2023-53884 — MEDIUM (5.4)

Vulnerability Description

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Webedition	Webedition Cms	2.9.8.8

Related Weaknesses (CWE)

CWE-79

References

https://www.exploit-db.com/exploits/51662Exploit
https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scriptinThird Party Advisory
https://www.webedition.org/Product
https://www.exploit-db.com/exploits/51662Exploit

FAQ

What is CVE-2023-53884?

CVE-2023-53884 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG fi...

How severe is CVE-2023-53884?

CVE-2023-53884 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53884?

Check the references section above for vendor advisories and patch information. Affected products include: Webedition Webedition Cms.