Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMnIyLXFjNDktZ3F3NM4AAW7h
Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Permalink: https://github.com/advisories/GHSA-m2r2-qc49-gqw4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMnIyLXFjNDktZ3F3NM4AAW7h
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-m2r2-qc49-gqw4, CVE-2018-7035
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-7035
- https://github.com/gleez/cms/issues/794
- https://github.com/gleez/cms/commit/d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565
- https://github.com/gleez/cms/issues/796
- https://github.com/advisories/GHSA-m2r2-qc49-gqw4
Blast Radius: 1.0
Affected Packages
packagist:gleez/cms
Dependent packages: 0
Dependent repositories: 0
Downloads: 8 total
Affected Version Ranges: = 2.0.0, <= 1.2.0
No known fixed version
All affected versions: