CVE-2023-53903

MEDIUM

WebsiteBaker 2.13.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53903. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in WebsiteBaker v2.13.3 by uploading a malicious SVG file containing JavaScript code. The SVG file, when accessed, executes the embedded script in the context of the user's session.

Description

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51553

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WebsiteBaker v2.13.3
Auth required
Prerequisites: Valid user credentials · Access to the media upload functionality
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51553

Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 10.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
websitebaker/websitebaker 2.13.3
websitebaker/WebsiteBaker 2.13.3
Published Dec 16, 2025
Tracked Since Feb 18, 2026