CVE-2024-25369
Published 2024-02-22
CVE-2024-25369: A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the group_id parameter.
Priority P422 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.38% (29.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thedaylightstudio | fuel_cms | — | — |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-30457 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
## CVE-2026-30457: Fuel CMS vulnerability analysis and mitigation
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
Source: NVD
Score 9.8
Published March 26, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Fuel CMS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 26
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux Severity CRITICAL No Fix Added at: Mar 31, 2026
Windows Severity CRITICAL No Fix Added at: Mar 31, 2026
Linux Severity CRITICAL No Fix Added at: Apr 02, 2026
Windows Severity CRITICAL No Fix Added
Wiz
CVE-2026-30458 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
## CVE-2026-30458: Fuel CMS vulnerability analysis and mitigation
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
Source: NVD
Score 9.1
Published March 26, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Fuel CMS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux Severity CRITICAL No Fix Added at: Mar 31, 2026
Windows Severity CRITICAL No Fix Added at: Mar 31, 2026
Linux Severity CRITICAL No Fix Added at: Apr 02, 2026
Windows Severity CRITICAL No Fix Added at:
Wiz
CVE-2026-30463 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
## CVE-2026-30463: Fuel CMS vulnerability analysis and mitigation
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
Source: NVD
Score 7.7
Published March 26, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Fuel CMS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux Severity HIGH No Fix Added at: Mar 31, 2026
Windows Severity HIGH No Fix Added at: Mar 31, 2026
Linux Severity HIGH No Fix Added at: Apr 02, 2026
Windows Severity HIGH No Fix Added at: Apr 02, 2026