Vulnerabilities > Thedaylightstudio > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2020-22152 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.6
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2022-05-03 CVE-2022-28599 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2022-04-11 CVE-2022-27156 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2022-02-24 CVE-2021-44607 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.5.1
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2021-09-09 CVE-2021-38721 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
network
low complexity
thedaylightstudio CWE-352
6.5
6.5
2021-09-09 CVE-2021-38725 Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
network
low complexity
thedaylightstudio CWE-307
5.3
5.3
2021-03-10 CVE-2020-28705 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
network
low complexity
thedaylightstudio CWE-352
4.3
4.3
2021-03-10 CVE-2020-23721 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.7
An issue was discovered in FUEL CMS V1.4.7.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2021-01-05 CVE-2020-26046 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS 1.4.11
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4
2019-08-20 CVE-2019-15228 Cross-site Scripting vulnerability in Thedaylightstudio Fuel CMS
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console.
network
low complexity
thedaylightstudio CWE-79
5.4
5.4