Vulnerabilities > Thedaylightstudio > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-28599 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. | 3.5 |
| 2022-04-11 | CVE-2022-27156 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | 3.5 |
| 2022-02-24 | CVE-2021-44607 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | 3.5 |
| 2021-03-10 | CVE-2020-23721 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.7 An issue was discovered in FUEL CMS V1.4.7. | 3.5 |
| 2019-08-20 | CVE-2019-15228 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. | 3.5 |
| 2018-12-13 | CVE-2018-20136 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.3 XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | 3.5 |
| 2018-12-13 | CVE-2018-20137 | Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.3 XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | 3.5 |