An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23721
Reference (s):
- https://github.com/daylightstudio/FUEL-CMS/issues/559