A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28599.json",
"cna_assigner": "mitre"
}