Fuel CMS
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26167 | 0.00 | — | 0.03 | Nov 4, 2020 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | |||
| CVE-2019-15228 | 0.00 | — | 0.01 | Aug 19, 2019 | FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||
| CVE-2018-20188 | 0.00 | — | 0.01 | Dec 17, 2018 | FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | |||
| CVE-2018-20137 | 0.00 | — | 0.01 | Dec 13, 2018 | XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | |||
| CVE-2018-20136 | 0.00 | — | 0.01 | Dec 13, 2018 | XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. |
- CVE-2020-26167Nov 4, 2020risk 0.00cvss —epss 0.03
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
- CVE-2019-15228Aug 19, 2019risk 0.00cvss —epss 0.01
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
- CVE-2018-20188Dec 17, 2018risk 0.00cvss —epss 0.01
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
- CVE-2018-20137Dec 13, 2018risk 0.00cvss —epss 0.01
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
- CVE-2018-20136Dec 13, 2018risk 0.00cvss —epss 0.01
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
Page 2 of 2