Search Results | AttackerKB

Show filters

Topics 3 Users 9,711

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2022-28599

Disclosure Date: May 03, 2022 (last updated October 07, 2023)

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-27156

Disclosure Date: April 11, 2022 (last updated October 07, 2023)

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-44607

Disclosure Date: February 24, 2022 (last updated February 23, 2025)

A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.

Attack Vector: Network Privileges: Low User Interaction: Required

0