CVE-2018-20137

Name of the Vulnerable Software and Affected Versions FUEL CMS version 1.4.3

Description A security issue exists in the software, where XSS can be triggered via the Page title, Meta description, or Meta keywords during page data management. This is demonstrated by the "/pages/edit/1?lang=english" API endpoint.

Recommendations For FUEL CMS version 1.4.3, consider restricting access to the page data management functionality until a fix is available, and avoid using the lang parameter in the /pages/edit/1 API endpoint.