exploitDog

CVE-2019-15228

Опубликовано: 20 авг. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

Ссылки

https://github.com/daylightstudio/FUEL-CMS/issues/536
Exploit
Third Party Advisory
https://www.sevenlayers.com/index.php/237-fuelcms-1-4-4-xss
Exploit
Third Party Advisory
https://github.com/daylightstudio/FUEL-CMS/issues/536
Exploit
Third Party Advisory
https://www.sevenlayers.com/index.php/237-fuelcms-1-4-4-xss
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:*

Версия до 1.4.4 (включая)

EPSS

Процентиль: 61%

0.0042

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j368-v454-frrv

CVSS3: 5.4

github

больше 3 лет назад

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

EPSS

Процентиль: 61%

0.0042

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79