Описание
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
Ссылки
- Product
- ExploitThird Party Advisory
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.11:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00327
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
EPSS
Процентиль: 55%
0.00327
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79