Thedaylightstudio: Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger an XSS attack.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-05-03
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-04-11
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-02-24
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2021-09-09
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-09-09
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-09-09
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-09-09
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man-in-the-middle attack such as phishing.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2021-08-09
An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-03-10
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2021-03-10