CVE-2018-7035 – gleez/cms
Package
Manager: composer
Name: gleez/cms
Vulnerable Version: >=0 <=1.2.0 || =2.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00229 (percentile 0.45552)
Details
Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Metadata
Created: 2022-05-14T03:25:24Z
Modified: 2023-10-06T17:46:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m2r2-qc49-gqw4/GHSA-m2r2-qc49-gqw4.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-m2r2-qc49-gqw4
Finding: F425
Auto approve: 1