PT-2023-11610 · Fuel Cms · Fuel Cms
Pxss
·
Published
2023-07-03
·
Updated
2023-07-11
·
CVE-2020-22152
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FUEL-CMS version 1.4.6
Description
A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the page title, meta description, and meta keywords of the pages function.
Recommendations
For version 1.4.6, consider restricting access to the page title, meta description, and meta keywords editing functionality until a fix is available. As a temporary workaround, validate and sanitize all user input for these fields to prevent code injection.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fuel Cms