Security Advisory

CVE-2022-28599

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-03 18:01:45

Last updated 2024-08-03 05:56:16

Assigner mitre

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.

← Browse all CVEs View on cve.org ↗