CVE-2018-1999021 – gleez/cms

Package

Manager: composer
Name: gleez/cms
Vulnerable Version: >=0 <=1.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00206 pctl0.42973

Details

Gleez Cms Cross-site Scripting in Profile Page Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability.

Metadata

Created: 2022-05-14T02:59:06Z
Modified: 2024-04-25T22:42:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q9g7-pff4-548r/GHSA-q9g7-pff4-548r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-q9g7-pff4-548r
Finding: F425
Auto approve: 1