Cross-Site Scripting Vulnerability in FUEL-CMS by Daylight Studio

CVE-2021-44607

What is CVE-2021-44607?

A Cross-Site Scripting (XSS) vulnerability was identified in version 1.5.1 of FUEL-CMS, specifically affecting the Assets page when handling SVG files. An attacker can exploit this weakness to inject malicious scripts, potentially leading to unauthorized access and manipulation of user data. It is essential for users of FUEL-CMS to implement necessary security measures to safeguard their systems against such vulnerabilities.

References