Home > Vulnerability Database > CVE-2018-7035

Mend.io Vulnerability Database

CVE-2018-7035

Date: April 5, 2018

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.

Language: PHP

Severity Score

5.4

Related Resources (6)

Url: https://github.com/gleez/cms/commit/d4ad1844e9fe6e2b9b92dfb351fb7e01047f9565

Url: https://github.com/gleez/cms

Url: https://github.com/gleez/cms/issues/796

Url: https://github.com/gleez/cms/issues/794

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-7035

Url: https://www.mend.io/vulnerability-database/CVE-2018-7035

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-7035

Date: April 5, 2018

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?