FluentCMS Cross-Site Scripting Vulnerability in TextHTML Plugin

Vulnerability

A cross-site scripting (XSS) vulnerability exists in FluentCMS version 1.2.3 within the TextHTML plugin. The issue arises because user input is not adequately sanitized before being displayed in the HTTP response. This flaw allows attackers to craft malicious URLs that execute arbitrary JavaScript in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, access the page preview feature and select the TextHTML plugin. Once in the editor, insert a script payload and save the changes. After refreshing the page, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update to the patched version of FluentCMS where this vulnerability has been addressed.

Added: May 5, 2026, 8:28 PM
Updated: May 5, 2026, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 7.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.