CVE-2018-7035

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.

Published: Apr 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-7035
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
gleezcms / gleez_cms	2.0	2.0.x
gleezcms / gleez_cms	1.2.0	1.2.0.x

https://github.com/gleez/cms/issues/794

Vulnerability Database

CVE-2018-7035