Lucene search
+L

319 matches found

NVD
NVD
added 2025/02/12 10:15 p.m.9 views

CVE-2024-57605

Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...

5.4CVSS0.00313EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-6754 · Daylight Studio · Fuel Cms

Name of the Vulnerable Software and Affected Versions: Daylight Studio Fuel CMS version 1.5.2 Description: The issue allows an attacker to escalate privileges through the "fuel/blocks/" and "fuel/pages/" components. This is a Cross Site Scripting issue that can be exploited to gain elevated acces...

5.4CVSS6.8AI score0.00313EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/02/12 12:0 a.m.7 views

CVE-2024-57605

Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...

6.7AI score0.00313EPSS
Exploits1References1
CVE
CVE
added 2025/02/12 12:0 a.m.77 views

CVE-2024-57605

CVE-2024-57605 describes a Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v1.5.2 that allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. The CVSS 3.1 base score is 5.4 (Medium) with network attack vector, low attack complexity, and privileg...

5.4CVSS6.8AI score0.00313EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/12 12:0 a.m.5 views

CVE-2024-57605

Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...

5.4CVSS6.1AI score0.00313EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/12 12:0 a.m.15 views

CVE-2024-57605

Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components...

0.00313EPSS
Exploits1References1
NVD
NVD
added 2024/02/22 8:15 p.m.14 views

CVE-2024-25369

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

5.4CVSS5.8AI score0.00379EPSS
Exploits1References1
Prion
Prion
added 2024/02/22 8:15 p.m.13 views

Cross site scripting

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

6.2AI score0.00379EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/22 12:0 a.m.15 views

CVE-2024-25369

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

6AI score0.00379EPSS
Exploits1References1
CVE
CVE
added 2024/02/22 12:0 a.m.5851 views

CVE-2024-25369

This CVE concerns FUEL CMS 1.5.2, where a reflected XSS flaw exists in the group_id parameter that can allow an attacker to execute arbitrary code. The descriptions consistently attribute the issue to FUEL CMS 1.5.2 and do not provide concrete mitigation steps or a confirmed patched version withi...

5.4CVSS6AI score0.00379EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.6 views

FUEL CMS Security Vulnerability

FUEL CMS is a content management system CMS based on the Codelgniter framework. A security vulnerability exists in FUEL CMS version 1.5.2, which stems from a cross-site scripting XSS vulnerability. The vulnerability can be exploited to execute arbitrary code via the groupid parameter...

5.4CVSS6.6AI score0.00379EPSS
Exploits1References2
OSV
OSV
added 2024/02/22 12:0 a.m.8 views

CVE-2024-25369

A reflected Cross-Site Scripting XSS vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the groupid parameter...

5.4CVSS6AI score0.00379EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/08/11 3:30 p.m.20 views

Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability

Withdrawn Advisory This advisory has been withdrawn because this vulnerability does not affect a package in a supported ecosystem. This link has been maintained to preserve external references. Original Description SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CM...

8.8CVSS9AI score0.01137EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/08/11 2:15 p.m.25 views

CVE-2020-24950

SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...

8.8CVSS9.2AI score0.01137EPSS
Exploits1References1
Prion
Prion
added 2023/08/11 2:15 p.m.16 views

Sql injection

SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...

6.5CVSS9.2AI score0.01137EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/08/11 12:0 a.m.48 views

CVE-2020-24950

Daylight Studio FUEL-CMS 1.4.9 is affected by a SQL injection in Base_module_model.php via the col parameter of list_items, enabling remote code execution. The CVSSv3.1 vector indicates Network attack, Low attack complexity, Privileges required: Low, No user interaction, with Confidentiality, Int...

8.8CVSS9.2AI score0.01137EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.10 views

CVE-2020-24950

SQL Injection vulnerability in file Basemodulemodel.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function listitems...

8.8AI score0.01137EPSS
Exploits1References1
NVD
NVD
added 2023/07/03 9:15 p.m.21 views

CVE-2020-22152

Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function...

5.4CVSS5.8AI score0.00576EPSS
Exploits1References1
NVD
NVD
added 2023/07/03 9:15 p.m.20 views

CVE-2020-22151

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...

9.8CVSS9.6AI score0.01453EPSS
Exploits1References1
OSV
OSV
added 2023/07/03 9:15 p.m.23 views

CVE-2020-22151

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function...

9.8CVSS8.1AI score
Exploits0References1
Rows per page
Query Builder