CVE-2019-15228: XSS
First published: Tue Aug 20 2019(Updated: )
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TheDayLightStudio Fuel CMS | <=1.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15228?
CVE-2019-15228 is a vulnerability in FUEL CMS 1.4.4 that allows for XSS in the Create Blocks section of the Admin console.
How severe is CVE-2019-15228?
CVE-2019-15228 has a severity rating of medium with a CVSS score of 5.4.
How does CVE-2019-15228 affect FUEL CMS?
CVE-2019-15228 can lead to cookie stealing and other malicious actions in FUEL CMS 1.4.4.
Can the vulnerability be exploited without authentication?
Although the vulnerability requires an authenticated account to exploit, it can also impact unauthenticated visitors.
How can I fix CVE-2019-15228?
To fix CVE-2019-15228, it is recommended to update FUEL CMS to a version that does not contain the vulnerability.
- collector/nvd-index
- vendor/thedaylightstudio
- canonical/thedaylightstudio fuel cms
- version/thedaylightstudio fuel cms/1.4.4