Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/gleez/cms/issues/794 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-05T14:00:00
Updated: 2024-08-05T06:17:17.347Z
Reserved: 2018-02-14T00:00:00
Link: CVE-2018-7035
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-04-05T14:29:00.247
Modified: 2018-05-09T18:05:16.240
Link: CVE-2018-7035
Redhat
No data.