CVE-2019-15228

MEDIUM

Thedaylightstudio Fuel Cms < 1.4.4 - XSS

Title source: rule

Description

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

References (2)

[Exploit, Third Party Advisory] https://www.sevenlayers.com/index.php/237-fuelcms-1-4-4-xss

[Exploit, Third Party Advisory] https://github.com/daylightstudio/FUEL-CMS/issues/536

Scores

CVSS v3 5.4

EPSS 0.0042

EPSS Percentile 62.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

thedaylightstudio/fuel_cms < 1.4.4

Published Aug 20, 2019

Tracked Since Feb 18, 2026