CVE-2023-3783— Webile HTTP POST Request cross site scripting

CVSS 3.5 · Low EPSS 0.10% · P28 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-3783

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Webile HTTP POST Request cross site scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Webile 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

webileapps Webile是webileapps公司的一个应用系统。 Webile 1.0.1版本存在跨站脚本漏洞，该漏洞源于组件HTTP POST Request Handler的参数new_file_name/c会导致跨站脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Webile	1.0.1	-

II. Public POCs for CVE-2023-3783

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-3783

请登录查看更多情报信息。

https://seclists.org/fulldisclosure/2023/Jul/38exploitmailing-list
https://vuldb.com/?id.235050vdb-entrytechnical-description
https://vuldb.com/?ctiid.235050signaturepermissions-required
https://www.vulnerability-lab.com/get_content.php?id=2321related
https://nvd.nist.gov/vuln/detail/CVE-2023-3783

Same Patch Batch · n/a · 2023-07-20 · 24 CVEs total

CVE-2023-30200	7.5 HIGH	PrestaShop 路径遍历漏洞
CVE-2023-3800	3.9 LOW	EasyAdmin8 File Upload Module index.html unrestricted upload
CVE-2023-37728		Icewarp Icearp 跨站脚本漏洞
CVE-2023-37645		EyouCms 安全漏洞
CVE-2020-24275		Swoole 注入漏洞
CVE-2021-39425		SeedDMS 输入验证错误漏洞
CVE-2023-31753		eNdonesia SQL注入漏洞
CVE-2023-34625		ShowMojo MojoBox Digital Lockbox 安全漏洞
CVE-2023-37649		Cockpit CMS 安全漏洞
CVE-2023-37650		Cockpit CMS 跨站请求伪造漏洞
CVE-2021-45094		Imprivata Privileged Access Management 跨站脚本漏洞
CVE-2023-31461		SteelSeries GG 路径遍历漏洞
CVE-2023-31462		SteelSeries GG 安全漏洞
CVE-2023-38334		Omnis Studio 安全漏洞
CVE-2023-38335		Omnis Studio 安全漏洞
CVE-2023-37164		Diafan CMS 跨站脚本漏洞
CVE-2023-37165		Millhouse-Project SQL注入漏洞
CVE-2023-37600		MobiSystems Office Suite Premium 跨站脚本漏洞
CVE-2023-37601		MobiSystems Office Suite Premium 路径遍历漏洞
CVE-2023-37602		Alkacon Software OpenCMS 跨站脚本漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Webile

CVE-2022-50950
Webile 1.0.1 Directory Traversal Vulnerability via Web Appli

Same vendor: n/a

Same weakness: CWE-79

V. Comments for CVE-2023-3783

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-3783— Webile HTTP POST Request cross site scripting

I. Basic Information for CVE-2023-3783

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-3783

III. Intelligence Information for CVE-2023-3783

Same Patch Batch · n/a · 2023-07-20 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-3783

Leave a comment