CVE-2018-7035
Published 2018-04-05
CVE-2018-7035: Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor…
Priority: P4 · 23 · medium · 5.4 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.98% (57.8th percentile)
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| angular_redactor_project | angular_redactor | — | — |
| gleez | cms | 0 – 1.2.0 | — |
| gleezcms | gleez_cms | — | — |
| gleezcms | gleez_cms | — | — |
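CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| ghsa | — | 5.4 | MEDIUM | — |
| osv | — | 5.4 | MEDIUM | — |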
OSV
Angular Redactor XSS Vulnerability
osv·2022-05-14·CVSS 5.4
CVE-2018-13339 [MEDIUM] Angular Redactor XSS Vulnerability
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
GHSA
Angular Redactor XSS Vulnerability
ghsa·2022-05-14·CVSS 5.4
CVE-2018-13339 [MEDIUM] CWE-79 Angular Redactor XSS Vulnerability
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
OSV
Gleez CMS Stored XSS
osv·2022-05-14
CVE-2018-7035 [MEDIUM] Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
GHSA
Gleez CMS Stored XSS
ghsa·2022-05-14
CVE-2018-7035 [MEDIUM] CWE-79 Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-04-05