5 matches found
CVE-2022-28599
A stored cross-site scripting XSS vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack...
CVE-2022-28599
A stored cross-site scripting XSS vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack...
CVE-2022-28599
CVE-2022-28599 affects FUEL-CMS 1.5.1. The vulnerability is a stored XSS where an authenticated user can upload a malicious .pdf file that acts as the payload; if an administrator triggers it, a stored XSS attack occurs. The provided documents do not specify a patch version or remediation steps. ...
CVE-2021-44607
A Cross Site Scripting XSS vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file...
CVE-2021-44607
A Cross Site Scripting XSS vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file...