Fuel Cms · CVE-2022-28599
**Name of the Vulnerable Software and Affected Versions**
FUEL-CMS version 1.5.1
**Description**
A stored cross-site scripting (XSS) issue allows an authenticated user to upload a malicious .pdf file, which acts as a stored XSS payload. The XSS attack executes when an administrator triggers the payload.
**Recommendations**
For FUEL-CMS version 1.5.1, consider restricting the upload of .pdf files or implementing validation to prevent malicious files from being uploaded until a patch is available. As a temporary workaround, limit administrator access to areas where the stored XSS payload could be triggered.
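One way to implement the upload validation recommended above, as an added example that is not FUEL-CMS code or part of the original advisory. It assumes the payload relies on PDF active content (the advisory does not describe the mechanism); the function names, the deny-list of PDF names and the sample files are constructed for this example.

```python
import re
import zlib

# Assumed deny-list: PDF name tokens that introduce scripts or auto-run actions.
ACTIVE_NAMES = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"}
_NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

# Constructed samples, not taken from the advisory.
SAMPLE_FLAGGED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                  b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\n"
                  b"endobj\n%%EOF\n")
SAMPLE_CLEAN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\n"
                b"endobj\n%%EOF\n")


def _active_names(blob: bytes) -> set[str]:
    """Collect deny-listed names, undoing #xx escapes (/J#61vaScript)."""
    found = set()
    for raw in _NAME_RE.findall(blob):
        name = _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        if name.decode("latin-1") in ACTIVE_NAMES:
            found.add(name.decode("latin-1"))
    return found


def validate_pdf_upload(data: bytes) -> list[str]:
    """Return reasons to reject the upload; an empty list means no finding."""
    reasons = []
    # Rejects HTML or other content that only carries a .pdf extension.
    if not data.startswith(b"%PDF-"):
        reasons.append("content does not start with %PDF-")
    names = _active_names(data)
    # Object streams can hold dictionaries in Flate-compressed form, so
    # inflate every stream that decodes and scan that as well.
    for body in _STREAM_RE.findall(data):
        try:
            names |= _active_names(zlib.decompressobj().decompress(body))
        except zlib.error:
            pass  # not Flate data (image, other filter): nothing to scan
    if names:
        reasons.append("active content: " + ", ".join(sorted(names)))
    return reasons


if __name__ == "__main__":
    print(validate_pdf_upload(SAMPLE_FLAGGED))
    print(validate_pdf_upload(SAMPLE_CLEAN))
```

Encrypted PDFs and streams that use filters other than Flate are not inspected by this check, so a deployment that needs certainty should reject those outright.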