First published: Tue Jan 05 2021(Updated: )
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.4.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26046 is a vulnerability in FUEL CMS 1.4.11 that allows for stored XSS in Blocks/Navigation/Site variables.
The vulnerability in CVE-2020-26046 can lead to cookie stealing and other malicious actions.
CVE-2020-26046 can be exploited by an authenticated account and can also impact other visitors.
CVE-2020-26046 has a severity rating of medium.
To fix CVE-2020-26046, update to the latest version of FUEL CMS.