Cross-Site Scripting Vulnerability in FUEL CMS by Daylight Studio
CVE-2020-23721
5.4MEDIUM
What is CVE-2020-23721?
A security issue exists in FUEL CMS version 1.4.7 that allows an attacker to execute arbitrary JavaScript code via a specially crafted URL. By manipulating the request parameters in '/fuelCM/fuel/pages/edit/1?lang=english', an attacker can successfully bypass existing input filters, potentially leading to data theft or session hijacking scenarios. This vulnerability highlights the importance of implementing rigorous input validation and output encoding practices to safeguard against XSS attacks.