CVE-2023-53901

MEDIUM

WBCE CMS 1.6.1 - Stored Cross-Site Scripting via CSS Keylogging


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53901. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit demonstrates a CSS-based keylogging attack via an open redirect and CSRF vulnerability in WBCE CMS 1.6.1. It involves uploading an HTML file that exfiltrates keystrokes by triggering external requests when specific characters are typed in password fields.

Description

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

Exploits (1)

exploitdb WORKING POC
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51566


Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WBCE CMS 1.6.1
Auth required
Prerequisites: Authenticated access to the CMS admin panel · Ability to upload HTML files via the media manager
devstral-2 · analyzed Feb 16, 2026

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51566
Product product
https://wbce-cms.org/

Scores

CVSS v3 5.4
EPSS 0.0023
EPSS Percentile 13.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-601
Status published
Products (2)
None/WBCE CMS 1.6.1
wbce/wbce_cms 1.6.1
Published Dec 16, 2025
Tracked Since Feb 18, 2026