CVE-2018-7035
Description
Stored XSS in Gleez CMS 1.2.0 and 2.0 allows remote attackers (users) to inject JavaScript via HTML content in the editor, which triggers when an Administrator edits the same content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stored cross-site scripting (XSS) vulnerability in Gleez CMS versions 1.2.0 and 2.0 lets a remote attacker with an ordinary user account inject arbitrary JavaScript into HTML content through the editor's source (HTML) mode while adding a blog post. The injected markup is stored in the database and executes when an Administrator later opens the same content for editing, because the editor (based on Redactor 3) does not adequately sanitize HTML input [1][2].
Exploitation
An attacker with a standard user account (or any role allowed to create blog posts) crafts a blog entry containing JavaScript. Using the source editor, the attacker enters raw HTML directly, including script tags or event-handler attributes, and the CMS stores it without sanitization. When a privileged user, typically an Administrator, later opens that content for editing in either the visual or the source editor, the payload runs in the administrator's browser session with that session's privileges [1][2].
Impact
Successful exploitation gives the attacker script execution in the administrator's session, so any action the administrator can perform in the CMS, such as creating new admin accounts or modifying site content, can be carried out on their behalf; session cookies can be read as well unless they are marked HttpOnly. The impact is persistent: the payload stays in the database and fires each time the vulnerable content is edited [1][2].
Mitigation
The vulnerability is addressed in commit d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565, which comments out the body of the editor() function in modules/gleez/classes/assets.php, so the Redactor JavaScript and CSS are no longer loaded and the vulnerable editor component is effectively disabled [4]. Users should update to a version of Gleez CMS that includes this commit or apply the patch manually; the GitHub advisory lists no patched release (see the table below), so the commit itself is the concrete reference point. No workaround other than disabling the Redactor editor is documented. Two caveats for anyone applying it: the commit changes only which assets are loaded, and neither filters submitted HTML nor cleans content already stored, so post bodies saved before the fix should be audited and sanitized separately; and the advisory's affected range (<= 1.2.0) does not cover the 2.0 line that the CVE description also names. The affected versions (1.2.0 and 2.0) are no longer actively maintained; upgrading to the latest patched release is strongly recommended [3].
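The allowlist sanitization step the CMS lacked, written out as an added example (Python for illustration; this is not Gleez's PHP code and nothing here comes from the project or its fix commit). It serves both the exploitation path above (script elements, inline event handlers and javascript: links entered through an HTML source editor, including an entity-encoded scheme) and the gap the mitigation leaves: `audit_html` is the check to run over already-stored post bodies once the editor is disabled, and `sanitize_html` is what should run on submission. The allowlisted tags and attributes, the sample post and all function names are assumptions for this example.

```python
"""Allowlist HTML sanitiser plus an audit check for stored editor content.

Added example, not Gleez CMS code: the project's fix only stops loading the
Redactor editor; it neither filters what users submit nor cleans what is
already in the database. Allowlists, sample input and names are assumptions.
"""
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for a blog body; the CMS defined none, which is the bug.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li",
                "h2", "h3", "blockquote", "pre", "code", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def url_scheme(value):
    """Scheme of a URL attribute, or None if relative. Browsers ignore tabs,
    newlines and control characters inside the scheme, so strip them first
    ('jav<TAB>ascript:' is still 'javascript:')."""
    compact = re.sub(r"[\x00-\x20]+", "", value)
    m = re.match(r"([a-z][a-z0-9+.\-]*):", compact, re.IGNORECASE)
    return m.group(1).lower() if m else None


class AllowlistSanitizer(HTMLParser):
    """Tokenise with the stdlib parser (attribute entities are decoded for
    us) and re-emit only allowlisted tags and attributes. Script/style bodies
    are dropped whole, event handlers and unsafe URL schemes are removed, and
    every removal is recorded so the same pass doubles as an audit."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # emitted tags still open, closed at the end
        self.skip_depth = 0   # > 0 while inside <script> or <style>
        self.findings = []    # why something was removed

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.findings.append(f"<{tag}> element")
            self.skip_depth += 1
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):                 # onerror=, onmouseover=, ...
                self.findings.append(f"{name} handler on <{tag}>")
                continue
            if name in ("href", "src"):
                scheme = url_scheme(value)
                if scheme and scheme not in SAFE_SCHEMES:
                    self.findings.append(f"{scheme}: URL in {name} on <{tag}>")
                    continue
            if name in ALLOWED_ATTRS.get(tag, ()):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                                    # drop the tag, keep its text
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return                                    # stray closer: ignore
        while self.open_tags:                         # close anything nested inside
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:                       # text is always re-escaped
            self.out.append(escape(data, quote=False))

    # Comments, doctype and processing instructions are not re-emitted.

    def result(self):
        self.close()                                  # flush buffered text
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(fragment):
    """What should have run on the submitted post body before storage."""
    p = AllowlistSanitizer()
    p.feed(fragment)
    return p.result()


def audit_html(fragment):
    """Findings for a stored fragment; non-empty means the row still carries
    active content and needs cleaning even with the editor disabled."""
    p = AllowlistSanitizer()
    p.feed(fragment)
    p.result()
    return p.findings


# Constructed sample of a post body submitted through an HTML source editor.
MALICIOUS_POST = (
    "<p>Hello <b>world</b></p>"
    '<script>fetch("/admin/users/add?name=evil")</script>'
    '<img src="x" onerror="alert(document.cookie)">'
    '<a href="javascript:alert(1)">click</a>'
    '<a href="jav&#x09;ascript:alert(2)" title="t">click2</a>'
    '<p onmouseover="alert(3)">hover</p>'
)

if __name__ == "__main__":
    for finding in audit_html(MALICIOUS_POST):
        print("finding:", finding)
    print(sanitize_html(MALICIOUS_POST))
```

Run over the sample, `audit_html` reports five findings (the script element, two event handlers and two javascript: links, the second of them hidden behind an entity-encoded tab) and `sanitize_html` returns only the allowlisted markup with the link targets removed. The audit pass is the one to run against every stored post body after the commit is applied, since the commit itself never touches that data.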
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gleez/cms (Packagist) | <= 1.2.0 | — |
Affected products
Patches
d4ad1844e9fe Security Fix XSS using Redactor
1 file changed · +12 −12
modules/gleez/classes/assets.php+12 −12 modified@@ -772,18 +772,18 @@ private static function _init_js() */ public static function editor($name = '.textarea', $lang = 'en') { - self::css('redactor', 'media/css/redactor.css', array('default'), array('weight' => 1)); - self::js('redactor', 'media/js/redactor.min.js', array('jquery'), FALSE, array('weight' => 15)); - self::js('redactor/lang', 'media/js/redactor/langs/'.$lang.'.js', array('jquery'), FALSE, array('weight' => 16)); - - self::codes('editor', 'jQuery(document).ready(function(){ - jQuery("'.$name.'").redactor({ - lang: "'.$lang.'", - minHeight: 300, - autoresize: false - }); - });' - ); +// self::css('redactor', 'media/css/redactor.css', array('default'), array('weight' => 1)); +// self::js('redactor', 'media/js/redactor.min.js', array('jquery'), FALSE, array('weight' => 15)); +// self::js('redactor/lang', 'media/js/redactor/langs/'.$lang.'.js', array('jquery'), FALSE, array('weight' => 16)); + +// self::codes('editor', 'jQuery(document).ready(function(){ +// jQuery("'.$name.'").redactor({ +// lang: "'.$lang.'", +// minHeight: 300, +// autoresize: false +// }); +// });' +// ); } /**
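Review bot: commenting out the body of `editor()` rather than removing the method leaves a public `Assets::editor()` that silently does nothing; any caller still gets a plain textarea with no error, and the docblock whose `*/` is visible just above the signature still describes behaviour the method no longer has. If disabling Redactor is the intended fix, delete the method and its call sites (or have it log/throw) and drop the twelve `//` lines instead of keeping dead code in the tree. The larger point for review: this hunk only removes the `self::css('redactor', ...)` / `self::js('redactor', ...)` asset loads; it adds no sanitisation of submitted HTML and does not touch rows already stored, so content saved before this commit still contains whatever the source editor accepted, and the commit message "Security Fix XSS" should say that the root cause is not addressed.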
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-m2r2-qc49-gqw4 (GitHub advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-7035 (NVD advisory)
- github.com/gleez/cms/commit/d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565 (fix commit)
- github.com/gleez/cms/issues/794 (issue)
- github.com/gleez/cms/issues/796 (issue)