Description
A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-06
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Blocks Plugin of FluentCMS 0.0.5 allows remote attackers to inject malicious scripts through an unknown function in the /admin/blocks interface. The flaw can be triggered without authentication and has a publicly available exploit. Successful exploitation can lead to cross‑site scripting attacks such as session hijacking, defacement, or delivery of additional malware.

Affected Systems

FluentCMS version 0.0.5, specifically the Blocks Plugin component. No other versions or products were identified; systems running this exact configuration are vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Because the exploit is publicly available and can be invoked remotely, the likelihood of abuse is moderate to high, especially on exposed administrative interfaces.

Generated by OpenCVE AI on June 6, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the FluentCMS vendor website or support channels for an official patch or update.
  • Restrict access to the /admin/blocks endpoint so that only authenticated administrators can reach it, using role‑based access control.
  • Implement proper input validation and context‑aware escaping for any data rendered by the Blocks Plugin to prevent script injection.
  • If a patch is not immediately available, consider temporarily disabling or uninstalling the Blocks Plugin until a fix is released.

Advisories

No advisories yet.

History

Sat, 06 Jun 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | FluentCMS Blocks Plugin blocks cross site scripting
First Time appeared | | Fluentcms; Fluentcms fluentcms
Weaknesses | | CWE-79; CWE-94
CPEs | | cpe:2.3:a:fluentcms:fluentcms:*:*:*:*:*:*:*:*
Vendors & Products | | Fluentcms; Fluentcms fluentcms
References | |
Metrics | | cvssV2_0: {'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-06T14:15:09.941Z

Reserved: 2026-06-05T22:07:20.333Z

Link: CVE-2026-11434

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-06T15:16:27.713

Modified: 2026-06-06T15:16:27.713

Link: CVE-2026-11434

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-06T15:30:23Z

Weaknesses