Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
References
| Link | Resource |
|---|---|
| https://github.com/gleez/cms/issues/794 | Exploit Third Party Advisory |
| https://github.com/gleez/cms/issues/794 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/gleez/cms/issues/794 - Exploit, Third Party Advisory |
Information
Published : 2018-04-05 14:29
Updated : 2024-11-21 04:11
NVD link : CVE-2018-7035
Mitre link : CVE-2018-7035
CVE.ORG link : CVE-2018-7035
JSON object : View
Products Affected
gleezcms
- gleez_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')