CVE-2018-1999021
MEDIUM5.4EPSS 0.21%Gleez Cms Cross-site Scripting in Profile Page
發布日:2022/5/14修改日:2024/4/25
描述
Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability.
受影響套件(1)
- Packagist/gleez/cmsfrom 0, <= 1.3.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |