First published: Thu Dec 13 2018
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.3 | |
CVE-2018-20136 is a vulnerability in FUEL CMS 1.4.3 that allows for XSS attacks through the Header or Body in the Layout Variables during new-page creation.
CVE-2018-20136 has a severity rating of medium, with a severity value of 4.8.
CVE-2018-20136 affects FUEL CMS 1.4.3.
CVE-2018-20136 can be exploited by crafting malicious payloads in the Header or Body of the Layout Variables during new-page creation in FUEL CMS.
At this time, there is no known fix for CVE-2018-20136. It is recommended to update to the latest version of FUEL CMS when a fix becomes available.