CVE-2022-45037: n/a in n/a
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
AI Analysis
Technical Summary
CVE-2022-45037 is a cross-site scripting (XSS) vulnerability in WBCE CMS version 1.5.4, specifically within the /admin/users/index.php component. It arises because user-supplied input in the Display Name field is not sufficiently sanitized or encoded before it is rendered, which allows an attacker to inject script or HTML. When an administrator or another user with access to the affected page views the injected content, the script executes in that user's browser context. The vulnerability is classified under CWE-79 (improper neutralization of input during web page generation), indicating a classic reflected or stored XSS issue. The CVSS 3.1 base score of 5.4 reflects medium severity: network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and user interaction required (UI:R). The scope is changed (S:C), meaning a successful attack affects resources beyond the vulnerable component itself, here the victim's browser session rather than the server. Confidentiality and integrity are affected to a limited extent (C:L, I:L); availability is not affected (A:N). No known exploits have been reported in the wild, and no official patches or vendor advisories are currently available. Exploitation requires the attacker to hold some level of privilege (most likely an authenticated account with access to the admin interface) and to get a user to interact with the injected content, which limits the ease of exploitation but does not eliminate the risk. The vulnerability could be leveraged for session hijacking, privilege escalation, or delivery of further malicious payloads within the administrative context of WBCE CMS installations.
Potential Impact
For European organizations using WBCE CMS version 1.5.4, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of administrative sessions and data. Successful exploitation could allow attackers to execute arbitrary scripts in the context of an administrator, potentially leading to unauthorized access to sensitive user information, modification of site content, or further compromise of the CMS environment. Given that WBCE CMS is a content management system, organizations relying on it for public-facing websites or internal portals could face reputational damage, data leakage, or defacement. The requirement for authenticated access and user interaction reduces the likelihood of widespread automated exploitation but does not preclude targeted attacks, especially against organizations with less stringent access controls or user training. The vulnerability's impact is more pronounced in sectors where the CMS is used to manage sensitive or regulated data, such as government, healthcare, or financial services within Europe.
Mitigation Recommendations
Organizations should immediately audit their WBCE CMS installations to identify version 1.5.4 deployments and restrict administrative access to trusted personnel only. As no official patch is currently available, administrators should implement input validation and output encoding on the Display Name field within the /admin/users/index.php page to neutralize malicious scripts. Employing web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting this endpoint can provide interim protection. Additionally, enforcing multi-factor authentication (MFA) for administrative accounts reduces the risk of compromised credentials being exploited. Regularly monitoring logs for unusual activity or repeated failed attempts to inject scripts can help detect exploitation attempts early. Organizations should also consider isolating the CMS administrative interface behind VPNs or IP whitelisting to limit exposure. Finally, maintaining user awareness training focused on recognizing phishing or social engineering attempts that could deliver malicious payloads is critical.
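The output-encoding fix the paragraph above calls for, shown as an added PHP example. This is an illustrative reconstruction of a user-list row as an admin page might render it, not WBCE CMS's actual code; the stored display name, the function names and the 64-character limit are assumptions made for the example.

```php
<?php
// Constructed sample: a Display Name as it might sit in the users table
// after an attacker saved markup into the field.
$display_name_from_db = 'Alice <script>alert(1)</script>';

// Vulnerable pattern (CWE-79): the stored string is concatenated straight
// into HTML, so any markup in the Display Name becomes part of the admin
// page's DOM and runs in the viewing administrator's browser.
function render_row_unsafe(string $display_name): string
{
    return '<tr><td>' . $display_name . '</td></tr>';
}

// Hardened pattern: encode at the output boundary for an HTML text context.
// ENT_QUOTES also encodes ' and ", so the same helper is safe inside quoted
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, which would otherwise silently blank the field.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(string $display_name): string
{
    return '<tr><td>' . html_text($display_name) . '</td></tr>';
}

// Defence in depth at input time: a display name has no business containing
// markup, so reject anything outside a small allow-list before it is stored.
// This is a secondary control; the output encoding above is the actual fix,
// because it also protects rows that were stored before validation existed.
function validate_display_name(string $name): bool
{
    $name = trim($name);
    return preg_match('/^[\p{L}\p{N} .\'\-]{1,64}$/u', $name) === 1;
}

echo "unsafe:   " . render_row_unsafe($display_name_from_db) . "\n";
echo "safe:     " . render_row_safe($display_name_from_db) . "\n";
echo "validate: " . (validate_display_name($display_name_from_db) ? 'accepted' : 'rejected') . "\n";
```

The hardened row renders the angle brackets as `&lt;` and `&gt;`, so the browser displays the stored text literally instead of executing it.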
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-07T00:00:00.000Z
- CISA Enriched: true

Threat ID: 682d983ec4522896dcbeff81
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 6/24/2025, 3:06:44 PM
Last updated: 7/31/2025, 2:22:20 PM