WebBoss.io CMS Persistent (Stored) XSS 2023

CVE-2023-39096

Vendor	WebBoss.io
Product	WebBoss.io CMS
Affected Version(s)	incl 3.7.0.1
Vulnerability Discovery	May 22, 2023
Vendor Notification	May 22, 2023
Advisory Publication	03, Aug, 2023 [without technical details]
Vendor Fix	Unpatched
Public Disclosure	03, Aug, 2023
Latest Modification	03, Aug, 2023
CVE Identifier(s)	CVE-2023-39096
Product Description	WebBoss.io CMS is a comprehensive website building platform that helps you seamlessly integrate ecommerce and create responsive websites faster. WebBoss gets your site up and running faster than other platforms of its kind. Whether you need to create e-commerce sites, blogs, or brochure sites, WebBoss has your back.
Credits	Steven Black, Security Analyst, Researcher & Penetration Tester @n0tst3

Vulnerability Details

Reflected Cross-Site Scripting (XSS) Vulnerability
Severity: Medium	CVSS Score: 8.0	CWE-ID: CWE-79	Status: Unpatched
Vulnerability Description
WebBoss.io CMS v3.7.0.1 was discovered to contain a Persistent (Stored) Cross Site Scripting (XSS) Vulnerability [Technical Details Withheld]
CVSS Base Score
Attack Vector	Network	Scope	N/A
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

Description

WebBoss.io CMS 3.7.0.1 Contains a Persistent (Stored) Cross-Site Scripting (XSS) vulnerability due to the lack of input validation and output encoding.

Top