First published: Thu Feb 24 2022(Updated: )
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TheDayLightStudio Fuel CMS | =1.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44607 is a Cross Site Scripting (XSS) vulnerability that exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
The severity of CVE-2021-44607 is medium, with a CVSS score of 5.4.
CVE-2021-44607 allows an attacker to inject malicious scripts into the FUEL-CMS Assets page via an SVG file, potentially leading to arbitrary code execution or the theft of sensitive information.
To fix the CVE-2021-44607 vulnerability, it is recommended to upgrade to a patched version of FUEL-CMS that addresses the Cross Site Scripting (XSS) vulnerability.
The Common Weakness Enumeration (CWE) ID for CVE-2021-44607 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').