VYPR
Moderate severity · NVD Advisory · Published Sep 2, 2018 · Updated Aug 5, 2024

CVE-2018-16347

Description

Gleez CMS v1.2.0 is vulnerable to reflected XSS via the media/imagecache/resize endpoint, allowing arbitrary JavaScript execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Gleez CMS v1.2.0 contains a cross-site scripting (XSS) vulnerability in the media/imagecache/resize functionality. An attacker can inject arbitrary JavaScript into the URL, which is reflected in the response. [1][3]

Exploitation

An attacker can craft a URL such as https://demo.gleezcms.org/media/imagecache/resize/20x20// and trick a victim into visiting it. No authentication is required. [3]

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to cookie theft, session hijacking, or defacement. [1]

Mitigation

No official fix has been released for CVE-2018-16347. The Gleez CMS repository has been archived, and no patched version is available. Users should consider migrating to an alternative CMS.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| gleez/cms (Packagist) | <= 1.2.0 | |

Affected products

1

Patches

0

No patches discovered yet.

References

3
