WebBoss.io CMS Persistent (Stored) XSS

CVE-2023-39097

Vendor: WebBoss.io
Product: WebBoss.io CMS
Affected Version(s): incl. 3.7.0.1
Vulnerability Discovery: May 22, 2023
Vendor Notification: May 22, 2023
Advisory Publication: July 22, 2023 [without technical details]
Vendor Fix: Patched in version 3.7.0.1
Public Disclosure: July 22, 2023
Latest Modification: August 2, 2023
CVE Identifier(s): CVE-2023-39097
Product Description: WebBoss.io CMS is a comprehensive website building platform that helps you seamlessly integrate ecommerce and create responsive websites faster. WebBoss gets your site up and running faster than other platforms of its kind. Whether you need to create e-commerce sites, blogs, or brochure sites, WebBoss has your back.
Credits: Steven Black, Security Analyst, Researcher & Penetration Tester @n0tst3

Vulnerability Details

Reflected Cross-Site Scripting (XSS) Vulnerability
Severity: Medium
CVSS Score: 8.0
CWE-ID: CWE-79
Status: Unpatched
Vulnerability Description
WebBoss.io CMS v3.7.0.1 was discovered to contain a Persistent (Stored) Cross-Site Scripting (XSS) vulnerability. [Technical Details Withheld]
CVSS Base Score
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: N/A
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Description

WebBoss.io CMS 3.7.0.1 contains a Persistent (Stored) Cross-Site Scripting (XSS) vulnerability due to the lack of input validation and output encoding.
