Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
References
Link | Resource |
---|---|
https://github.com/gleez/cms/issues/794 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-05T14:00:00
Updated: 2018-04-05T14:57:01
Reserved: 2018-02-14T00:00:00
Link: CVE-2018-7035
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-05T14:29:00.247
Modified: 2018-05-09T18:05:16.240
Link: CVE-2018-7035
JSON object: View
Redhat Information
No data.
CWE