Consent Popup - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-017

The Consent Popup provides a configurable popup that requires acceptance of a question before the visitor can continue, typically used for age consent. The module doesn't sufficiently sanitizes the text on the block leading to a cross site scripting XSS vulnerability. This vulnerability is...

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

Design/Logic Flaw

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

CVE-2019-15229

FUEL CMS 1.4.4 is affected by a CSRF flaw in the Admin console’s blocks/create/Create Blocks section. The vulnerability allows an attacker to trick an administrator into executing arbitrary code by requesting a crafted HTML page. Root cause: CSRF in the blocks/create path. Impact is described as ...

FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-41832)

FUEL CMS is a content management system CMS based on the Codelgniter framework. A cross-site scripting vulnerability exists in the Create Blocks section of the Admin console in FUEL CMS version 1.4.4, which stems from a lack of proper validation of client-side data in the WEB application and can ...