CVE-2023-39096: WebBoss.io CMS Persistent (Stored) XSS | RiSec Advisories
WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.
Vendor: WebBoss.io
Product: WebBoss.io CMS
Affected Version(s): incl 3.7.0.1
Vulnerability Discovery: May 22, 2023
Vendor Notification: May 22, 2023
Advisory Publication: 03, Aug, 2023 [without technical details]
Vendor Fix: Unpatched
Public Disclosure: 03, Aug, 2023
Latest Modification: 03, Aug, 2023
CVE Identifier(s): CVE-2023-39096
Product Description
WebBoss.io CMS is a comprehensive website building platform that helps you seamlessly integrate ecommerce and create responsive websites faster. WebBoss gets your site up and running faster than other platforms of its kind. Whether you need to create e-commerce sites, blogs, or brochure sites, WebBoss has your back.
Credits
Steven Black, Security Analyst, Researcher & Penetration Tester @n0tst3
Reflected Cross-Site Scripting (XSS) Vulnerability
Severity: Medium
CVSS Score: 8.0
CWE-ID: CWE-79
Status: Unpatched
Vulnerability Description
WebBoss.io CMS v3.7.0.1 was discovered to contain a Persistent (Stored) Cross-Site Scripting (XSS) vulnerability. [Technical Details Withheld]
CVSS Base Score
Attack Vector: Network
Scope: N/A
Attack Complexity: Low
Confidentiality Impact: Low
Privileges Required: None
Integrity Impact: Low
User Interaction: Required
Availability Impact: None
WebBoss.io CMS 3.7.0.1 contains a Persistent (Stored) Cross-Site Scripting (XSS) vulnerability due to the lack of input validation and output encoding.