Vulnerabilities > Thedaylightstudio > Fuel CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2020-22152 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.6 Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | 5.4 |
| 2022-05-03 | CVE-2022-28599 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. | 5.4 |
| 2022-04-11 | CVE-2022-27156 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | 5.4 |
| 2022-02-24 | CVE-2021-44607 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | 5.4 |
| 2021-09-09 | CVE-2021-38721 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0 FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | 6.5 |
| 2021-09-09 | CVE-2021-38725 | Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0 Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | 5.3 |
| 2021-03-10 | CVE-2020-28705 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3. | 4.3 |
| 2021-03-10 | CVE-2020-23721 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.7 An issue was discovered in FUEL CMS V1.4.7. | 5.4 |
| 2021-01-05 | CVE-2020-26046 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.11 FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. | 5.4 |
| 2019-08-20 | CVE-2019-15228 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. | 5.4 |