Website Baker XSS
Stored Cross Site Scripting (XSS)
Website Baker CMS
Multiple stored (persistent) Cross-Site Scripting (XSS) vulnerabilities
in the files /wb/admin/admintools/tool.php (Droplet Description) and
/install/index.php (Site Title) in WebsiteBaker 2.10.0 allow
attackers to insert persistent JavaScript code that is reflected
back to users in multiple areas of the application.
The vendor was informed about the vulnerabilities, but has also left already known vulnerabilities unfixed.
Affected Product Code Base
Website Baker - 2.10.0
Affected Components:
Attackers are able to insert persistent JavaScript code into the
application by abusing unfiltered form fields.
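Added example (not part of the original advisory and not WebsiteBaker code): one way to encode stored field values such as a droplet description or site title at output time, in both element-text and attribute contexts. The function names, the markup and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from WebsiteBaker.

/** Encode a stored value for HTML element text or a quoted attribute. */
function esc_html(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one row of a droplet list (hypothetical markup). */
function render_droplet_row(string $name, string $description): string
{
    return sprintf(
        '<tr><td>%s</td><td title="%s">%s</td></tr>',
        esc_html($name),
        esc_html($description),  // attribute context, always quoted
        esc_html($description)   // element text context
    );
}

/** Render the page <title> from the stored site title. */
function render_title(string $siteTitle): string
{
    return '<title>' . esc_html($siteTitle) . '</title>';
}

// Constructed input containing markup and both quote characters.
$stored = '<i>demo</i> & "quoted" \'text\'';

$row   = render_droplet_row('example', $stored);
$title = render_title($stored);

// Self-check: no markup or quote from the stored value survives unencoded.
if (strpos($row, '<i>') !== false || strpos($title, '<i>') !== false) {
    throw new RuntimeException('stored markup was emitted unencoded');
}
if (substr_count($row, '"') !== 2 || strpos($row, "'") !== false) {
    throw new RuntimeException('a stored quote could break out of the attribute');
}

echo $row, PHP_EOL, $title, PHP_EOL;
```

The value is stored as submitted and encoded at every point where it is written into HTML, so each display location that reads the field has to go through the encoder.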
Sample Payload:
Assigned CVE: