Security Research & Advisories

Reflected Cross-Site Scripting (XSS) Vulnerability in Weblication CMS

Product Weblication CMS
Affected Version(s) 17 and probably prior
Tested Version(s) 17
Vendor Notification 24 January 2023
Advisory Publication 24 January 2023 [without technical details]
Vendor Fix N/A
Public Disclosure 24 January 2023
Latest Modification 24 January 2023
CVE Identifier Pending
Product Description Das XML Content-Management-System
Credits Patrik Fabian Security Researcher & Penetration Tester @wizlynx group

Vulnerability Details

Reflected Cross-Site Scripting
Severity: Medium CVSS Score: 6.1 CWE-ID: CWE-79 Status: Open
Vulnerability Description
The application Weblication CMS is affected by a reflected Cross-Site Scripting (XSS) vulnerability affecting version 17 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVSS Base Score
Attack Vector Reflected Cross-Site Scripting Scope Changed
Attack Complexity Low Confidentiality Impact Low
Privileges Required None Integrity Impact Low
User Interaction Required Availability Impact None


Full details about the vulnerability will be disclosed once the vendor has provided a patch.