Stored Cross-Site Scripting Vulnerability in FUEL CMS by Daylight Studio
CVE-2020-26046

5.4MEDIUM

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 5 January 2021

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2020-26046?

FUEL CMS version 1.4.11 contains a stored XSS vulnerability within the Blocks, Navigation, and Site variables. This vulnerability allows an attacker with an authenticated account to inject malicious scripts into the platform. As a result, this may lead to unintended actions such as cookie theft and further exploitation against other users visiting the affected site. Proper security measures and patches are essential to mitigate these risks.

References

https://getfuelcms.com

x_refsource_MISC

https://github.com/daylightstudio/FUEL-CMS/issues/574

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2021
Vulnerability Reserved
Sep 24, 2020

CVE-2020-26046 Data

JSON