CVE-2019-15228

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15228
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15228.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15228
Published
2019-08-20T00:15:10.050Z
Modified
2026-04-10T04:14:59.154126Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

References

Affected packages

Git / github.com/daylightstudio/fuel-cms

Affected ranges

Type
GIT
Repo
https://github.com/daylightstudio/fuel-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aa70ba535811ecbf406d89aa786f32e3f7487914
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.4"
        }
    ]
}

Affected versions

1.*
1.0.3
1.0.4
1.0.5
1.0.6
1.1
1.2
1.3.1
1.3.2
1.4
1.4.1
1.4.2
1.4.3
1.4.4
v0.*
v0.9
v0.9.2
v1.*
v1.0
v1.0.1
v1.0.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15228.json"