CVE-2019-15228

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
References
Link Resource
https://www.sevenlayers.com/index.php/237-fuelcms-1-4-4-xss Exploit Third Party Advisory
https://github.com/daylightstudio/FUEL-CMS/issues/536 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:*

Information

Published : 2019-08-19 17:15

Updated : 2019-08-26 06:46


NVD link : CVE-2019-15228

Mitre link : CVE-2019-15228


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

thedaylightstudio

  • fuel_cms