Cross Site Scripting Vulnerability in FluentCMS by Fluent
CVE-2026-38947

6.1MEDIUM

Key Information:

Vendor

Fluent

Status
Vendor
CVE Published:
5 May 2026

What is CVE-2026-38947?

FluentCMS version 1.2.3 contains a Cross Site Scripting (XSS) vulnerability within the TextHTML plugin. This flaw could allow attackers to inject malicious scripts, compromising user interactions and potentially leading to unauthorized data access or manipulation. It’s crucial for users of this version to apply security measures and updates to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.