Browse all 3 CVE security advisories affecting bww. AI-powered Chinese analysis, POCs, and references for each vulnerability.
BWW operates as a web application platform primarily serving content management and e-commerce functions. Historically, the organization has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and misconfigured access controls. While no major public security incidents have been widely documented, the presence of three CVEs indicates ongoing security challenges. The platform's architecture typically involves multiple interconnected components, increasing potential attack surfaces. Security researchers have noted that BWW's historical vulnerabilities frequently relate to inadequate sanitization of user inputs and insufficient authentication mechanisms in administrative interfaces.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14120 | URL Image Importer <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — URL Image ImporterCWE-79 | 6.4 | Medium | 2026-01-06 |
| CVE-2025-12138 | URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload — URL Image ImporterCWE-434 | 8.8 | High | 2025-11-21 |
This page lists every published CVE security advisory associated with bww. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.