WBCE CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in WBCE CMS version 1.6.1. This vulnerability allows authenticated attackers to inject malicious JavaScript into page content via the WYSIWYG editor. The injected scripts are executed when users view the affected page. Exploitation involves sending POST requests to '/wbce/modules/wysiwyg/save.php' with the malicious script included in the content parameter.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a malicious SVG file containing JavaScript into the media section. After the file is uploaded, the JavaScript will execute when the SVG file is accessed. Alternatively, the vulnerability can be reproduced by adding a new page and inserting a script tag into the page content through the WYSIWYG editor. Once the page is saved and viewed, the injected script will execute.
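For auditing content that is already stored, the following added example (not part of the original advisory and not WBCE code) scans a saved page body or an uploaded SVG file for the script-capable markup behind both reproduction paths described above. The class and function names and the sample inputs are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that run or embed active content in HTML and SVG documents.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL; a javascript: scheme there runs script.
URL_ATTRS = {"href", "src", "xlink:href", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects (line, reason) findings for script-capable markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute values.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            # Drop whitespace and control characters before checking the scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name}"))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name}"))


def find_active_content(markup):
    """Return findings for one stored page body or uploaded SVG file."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


# Constructed samples: a saved page body, an uploaded SVG, and benign content.
SAMPLE_PAGE = '<p>Welcome</p>\n<script>alert(1)</script>\n<a href="/news">News</a>'
SAMPLE_SVG = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">\n<circle r="4"/>\n</svg>'
SAMPLE_CLEAN = "<p>Hello <b>world</b></p>"

if __name__ == "__main__":
    for label, sample in [("page", SAMPLE_PAGE), ("svg", SAMPLE_SVG), ("clean", SAMPLE_CLEAN)]:
        print(label, find_active_content(sample))
```

A finding is a reason to review the stored item, not proof of compromise; legitimate embeds such as an iframe will also be reported.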

Added: Dec 17, 2025, 11:44 PM
Updated: Dec 17, 2025, 11:44 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.7
exploitability: 6.5
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.