Home > Vulnerability Database > CVE-2018-7035

Mend.io Vulnerability Database

CVE-2018-7035

Date: April 5, 2018

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.

Language: PHP

Severity Score

5.4

Related Resources (3)

Url: https://github.com/gleez/cms/issues/794

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-7035

Url: https://www.mend.io/vulnerability-database/CVE-2018-7035

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2018-7035

Date: April 5, 2018

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?