Описание
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gleezcms:gleez_cms:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gleezcms:gleez_cms:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00229
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 45%
0.00229
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79