CVE-2018-1999021

MEDIUM5.4EPSS 0.21%

Gleez Cms Cross-site Scripting in Profile Page

Published: 5/14/2022Modified: 4/25/2024

Description

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability.

Affected packages (1)

Packagist/gleez/cmsfrom 0, <= 1.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1999021
PATCHhttps://github.com/gleez/cms
WEBhttps://github.com/gleez/cms/issues/797