CVE-2018-7035

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-7035

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7035.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-7035

Aliases

GHSA-m2r2-qc49-gqw4

Published

2018-04-05T14:29:00Z

Modified

2024-05-14T06:34:02.960917Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.

References

https://github.com/gleez/cms/issues/794

Affected packages

Git / github.com/gleez/cms

Affected ranges

Type: GIT
Repo: https://github.com/gleez/cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

637b864392ee707839459278ad5f6fb9311c65bf

Affected versions

1.*

1.0.1

1.1.5

1.2.0