CVE-2022-45013 is a cross-site scripting (XSS) vulnerability identified in the Show Advanced Option module of WBCE CMS version 1.5.4. This vulnerability arises due to insufficient input sanitization or output encoding of user-supplied data in the Section Header field. An attacker can craft a malicious payload containing arbitrary web scripts or HTML and inject it into this field. When a legitimate user or administrator views the affected section, the injected script executes in their browser context, potentially leading to session hijacking, defacement, or redirection to malicious sites. The vulnerability is categorized under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 4.8 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), user interaction (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L, I:L), with no impact on availability (A:N). Notably, exploitation requires the attacker to have high privileges within the CMS and the victim to interact with the malicious content, which limits the attack surface but does not eliminate risk. No known exploits are reported in the wild, and no patches or vendor details are provided in the source information. The vulnerability affects WBCE CMS, an open-source content management system, which is used primarily by small to medium-sized organizations for website management and content publishing.

For European organizations using WBCE CMS version 1.5.4, this XSS vulnerability can lead to unauthorized script execution within the context of the CMS administrative interface or public-facing pages, depending on where the Section Header field is rendered. Potential impacts include theft of authentication cookies or tokens, enabling attackers to escalate privileges or maintain persistence, defacement of websites, or redirection of users to phishing or malware-laden sites. Given the requirement for high privileges to inject the payload, the threat is more significant in environments where multiple users have administrative access or where internal accounts may be compromised. The scope change in the CVSS vector suggests that exploitation could affect resources beyond the initially vulnerable component, potentially impacting other parts of the CMS or integrated systems. European organizations relying on WBCE CMS for public-facing websites or intranet portals may face reputational damage, data leakage, or disruption of services. Although no availability impact is noted, the integrity and confidentiality risks remain relevant, especially for organizations handling sensitive or regulated data under GDPR. The lack of known exploits reduces immediate risk but does not preclude targeted attacks or exploitation by skilled adversaries.

1. Immediate mitigation should include restricting administrative access to the WBCE CMS to trusted personnel only and enforcing strong authentication mechanisms to reduce the risk of privilege abuse. 2. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the browser context, thereby mitigating the impact of injected scripts. 3. Sanitize and validate all user inputs rigorously, especially in the Section Header field, using server-side filtering and output encoding to neutralize malicious payloads. 4. Monitor CMS logs for unusual activity or injection attempts, focusing on changes to the Section Header field or other advanced options. 5. If possible, upgrade to a patched version of WBCE CMS once available or apply community-developed patches addressing this vulnerability. 6. Educate CMS administrators and users about the risks of XSS and the importance of cautious interaction with CMS content, especially when prompted to interact with advanced options. 7. Employ web application firewalls (WAFs) configured to detect and block typical XSS payloads targeting WBCE CMS. 8. Conduct regular security assessments and penetration testing focused on CMS components to identify and remediate similar vulnerabilities proactively.