CVE-2020-22152

Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/daylightstudio/FUEL-CMS/issues/552	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-03 21:15

Updated : 2023-07-11 17:23

NVD link : CVE-2020-22152

Mitre link : CVE-2020-22152

CVE.ORG link : CVE-2020-22152

JSON object : View

Products Affected

thedaylightstudio

fuel_cms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10