Filtered by vendor Thedaylightstudio
Subscribe
Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. | |||||
| CVE-2021-38725 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | |||||
| CVE-2021-38721 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | |||||
| CVE-2020-23721 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | |||||
| CVE-2020-28705 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. | |||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-01-08 | 4.3 MEDIUM | 5.4 MEDIUM |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | |||||
| CVE-2019-15228 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||||
| CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | |||||
| CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | |||||