CVE-2023-53884
MEDIUMWebedition CMS v2.9.8.8 - XSS
Title source: llmDescription
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mirabbas Ağalarov · textwebappsphp
https://www.exploit-db.com/exploits/51662
Scores
CVSS v3
5.4
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
Webedition/Webedition CMS
2.9.8.8
webedition/webedition_cms
2.9.8.8
Published
Dec 15, 2025
Tracked Since
Feb 18, 2026