Vendor Homepage: https://www.getfuelcms.com/
Github Link: https://github.com/daylightstudio/FUEL-CMS
FUEL-CMS-1.5.2 contains a reflected Cross-Site Scripting (XSS) vulnerability in Navigation. On the Navigation page, it has been identified that attackers are capable of executing XSS injections using some payloads.
- After logging in, run a search on the Navigation page.
- A payload can be inserted after the “group_id” parameter, for example: payload -> "onmouseover="alert('xss')".
- When the attacker moves the mouse over the Create button, it triggers an XSS attack.
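The behaviour described above is what happens when a request parameter is concatenated into a quoted HTML attribute without encoding. The following is an added example, not FUEL CMS source code: it shows that pattern beside a hardened version, using the payload from the report. The function names, the URL path, the default value and the assumption that `group_id` is a numeric identifier reflected into the Create button's `href` are all hypothetical.

```php
<?php
// Added illustration, not FUEL CMS code. Function names, the URL path and the
// default group are hypothetical; only the "group_id" parameter name and the
// payload string come from the report.

// Vulnerable pattern: the request value is placed inside a double-quoted
// attribute as-is, so a double quote in the value ends the attribute early.
function render_create_button_vulnerable(string $groupId): string
{
    return '<a class="btn" href="/navigation/create?group_id=' . $groupId . '">Create</a>';
}

// Hardened pattern: validate the expected type first, then encode for the
// HTML attribute context at the point of output.
function render_create_button_safe(string $groupId): string
{
    // Assumption: group_id is a numeric identifier, so anything that is not
    // all digits is replaced with a fixed default instead of being reflected.
    if (!ctype_digit($groupId)) {
        $groupId = '1';
    }
    $href = '/navigation/create?group_id=' . rawurlencode($groupId);
    return '<a class="btn" href="' . encode_attr($href) . '">Create</a>';
}

// ENT_QUOTES encodes both " and ', so a reflected value cannot close the
// attribute it is written into, even where no type check is possible.
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Payload exactly as given in the report.
$payload = '"onmouseover="alert(\'xss\')"';

echo "vulnerable:   ", render_create_button_vulnerable($payload), PHP_EOL;
echo "validated:    ", render_create_button_safe($payload), PHP_EOL;
echo "encoded only: ", '<a href="/navigation/create?group_id=',
     encode_attr($payload), '">Create</a>', PHP_EOL;
```

In the first line of output the quote in the payload closes `href` and `onmouseover` becomes an attribute of the link; in the other two the value either never reaches the page or stays inside `href` as `&quot;`-encoded text.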