Cross Site Scripting Vulnerability in FUEL-CMS by Daylight Studio
CVE-2020-22152

5.4MEDIUM

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 3 July 2023

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2020-22152?

The vulnerability in FUEL-CMS version 1.4.6 allows attackers to exploit Cross Site Scripting (XSS) through manipulated input fields, specifically the page title, meta description, and meta keywords. By injecting arbitrary JavaScript code, attackers can execute unauthorized actions or gain access to sensitive data. It is critical for users to update to secure versions to mitigate potential threats.

References

https://github.com/daylightstudio/FUEL-CMS/issues/552

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Aug 13, 2020

CVE-2020-22152 Data

JSON