CVE-2019-15228

MEDIUM

FUEL CMS < 1.4.4 - Cross-Site Scripting in Create Blocks Section

Title source: llm
STIX 2.1

Description

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.sevenlayers.com/index.php/237-fuelcms-1-4-4-xss
Exploit, Third Party Advisory x_refsource_misc
https://github.com/daylightstudio/FUEL-CMS/issues/536

Scores

CVSS v3 5.4
EPSS 0.0073
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
thedaylightstudio/fuel_cms < 1.4.4
Published Aug 20, 2019
Tracked Since Feb 18, 2026