CVE-2026-38948

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code.

daylightstudio/FUEL-CMS
daylightstudio/FUEL-CMS
A CodeIgniter Content Management System
GitHubGitHub
1.02K
Chittu13/cve-research
Chittu13/cve-research
GitHubGitHub