VYPR

Fuel CMS

by Thedaylightstudio

Source repositories

CVEs (25)

  • CVE-2020-26167Nov 4, 2020
    risk 0.00cvss epss 0.03

    In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

  • CVE-2019-15228Aug 19, 2019
    risk 0.00cvss epss 0.01

    FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

  • CVE-2018-20188Dec 17, 2018
    risk 0.00cvss epss 0.01

    FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.

  • CVE-2018-20137Dec 13, 2018
    risk 0.00cvss epss 0.01

    XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.

  • CVE-2018-20136Dec 13, 2018
    risk 0.00cvss epss 0.01

    XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.

Page 2 of 2