CVE-2023-5287 LOW

CVE-2023-5287: BEECMS cross site scripting

Vendor N/A

Product BEECMS

Weakness CWE-79 · XSS

Published September 29, 2023

Last update September 23, 2024

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

September 29, 2023 CVE published

September 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5287 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-10552 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x CVE-2024-12160 Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting CVE-2025-12837 aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget CVE-2024-51616 WordPress AwesomePress plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability