Website Baker XSS
Stored Cross Site Scripting (XSS)
Website Baker CMS
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities
in the files /wb/admin/admintools/tool.php (Droplet Description) and
/install/index.php (Site Title) in WebsiteBaker 2.10.0 allow
attackers to insert persistent JavaScript code that gets reflected
back to users in multiple areas in the application.
The vendor was informed about the vulnerabilities, but has also left already known vulnerabilities unfixed.
Affected Product Code Base
Website Baker - 2.10.0
Affected Components:
/wb/admin/admintools/tool.php
/install/index.php
Attackers are able to insert persistent JavaScript code into the
application by abusing unfiltered form fields.
Sample Payload:
<script>alert(document.location)</script>
Assigned CVE:
CVE-2017-16514
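
The unfiltered-field problem described above, next to an output-encoded rendering, as an added example that is not WebsiteBaker's code and not part of the original advisory. The array keys, function names and markup are hypothetical stand-ins for the Site Title and Droplet Description fields.

```php
<?php
// Added example: hypothetical stand-ins, not WebsiteBaker source code.
declare(strict_types=1);

/** Encode a stored value for HTML element content or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample: both fields hold the advisory's sample payload,
// as they would after being saved through a form that does not filter input.
$stored = [
    'site_title'          => '<script>alert(document.location)</script>',
    'droplet_description' => '<script>alert(document.location)</script>',
];

/** Before: stored values are concatenated into the page unchanged. */
function renderVulnerable(array $row): string
{
    return '<h1>' . $row['site_title'] . "</h1>\n"
         . '<td class="desc">' . $row['droplet_description'] . '</td>';
}

/** After: every stored value is encoded at the point of output. */
function renderHardened(array $row): string
{
    $desc = e($row['droplet_description']);
    return '<h1>' . e($row['site_title']) . "</h1>\n"
         . '<td class="desc" title="' . $desc . '">' . $desc . '</td>';
}

// Render both ways and report whether a script tag survives into the markup.
foreach (['renderVulnerable', 'renderHardened'] as $render) {
    $html = $render($stored);
    $live = stripos($html, '<script') !== false;
    printf(
        "%s: %s\n%s\n\n",
        $render,
        $live ? 'script tag reaches the browser' : 'payload rendered as inert text',
        $html
    );
}
```

Encoding at output covers values that were stored before any input filter existed, which matters for persistent XSS because the payload already sits in the database.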