First published: Tue Aug 20 2019(Updated: )
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | <=1.4.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15228 is a vulnerability in FUEL CMS 1.4.4 that allows for XSS in the Create Blocks section of the Admin console.
CVE-2019-15228 has a severity rating of medium with a CVSS score of 5.4.
CVE-2019-15228 can lead to cookie stealing and other malicious actions in FUEL CMS 1.4.4.
Although the vulnerability requires an authenticated account to exploit, it can also impact unauthenticated visitors.
To fix CVE-2019-15228, it is recommended to update FUEL CMS to a version that does not contain the vulnerability.