Thedaylightstudio: >> Fuel Cms >> 1.5.1 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-03
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-24