A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
References
Link | Resource |
---|---|
https://github.com/daylightstudio/FUEL-CMS/issues/595 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-03T18:01:45
Updated: 2022-05-03T18:01:45
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28599
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-03T18:15:08.983
Modified: 2022-05-10T19:12:55.073
Link: CVE-2022-28599
JSON object: View
Redhat Information
No data.
CWE