Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Website Baker XSS
Stored Cross Site Scripting (XSS)
Website Baker CMS
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities
in the files /wb/admin/admintools/tool.php (Droplet Description) and
/install/index.php (Site Title) in WebsiteBaker 2.10.0 allow
attackers to insert persistent JavaScript code that gets reflected
back to users in multiple areas in the application.
The vendor was informed about the vulnerabilities but lacks fixing also already known vulnerabilities.
Affected Product Code Base
Website Baker - 2.10.0
Affected Components:
/wb/admin/admintools/tool.php
/install/index.php
Attackers are able to insert persistent JavaScript code into the
application by abusing unfiltered form fields.
Sample Payload:
<script>alert(document.location)</script>
Assigned CVE:
CVE-2017-16514
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.