CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25369

A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/liyako/vulnerability/blob/main/POC/FUEL%20CMS%20Reflected%20Cross-Site%20Scripting%20%28XSS%29.md
https://github.com/liyako/vulnerability/blob/main/POC/FUEL%20CMS%20Reflected%20Cross-Site%20Scripting%20%28XSS%29.md

Products affected by CVE-2024-25369

Thedaylightstudio » Fuel Cms » Version: 1.5.2

cpe:2.3:a:thedaylightstudio:fuel_cms:1.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25369

Products

Pricing

Contact Us