PT-2018-15200 · Gleez · Gleez Cms

Ghost

Published: 2018-07-23 · Updated: 2022-05-14 · CVE-2018-1999021

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Gleez Cms version 1.3.0
Description: A Cross Site Scripting (XSS) vulnerability in the Profile page allows injection of arbitrary web script or HTML via the profile page editor. It can be exploited when the victim navigates to the attacker's profile page.
Recommendations: For version 1.3.0, consider disabling the profile page editor as a temporary workaround until a patch is available. Restrict access to the profile page to minimize the risk of exploitation. Avoid using the profile page editor until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-1999021
GHSA-Q9G7-PFF4-548R

Affected Products

Gleez Cms