Nucleus CMS Unspecified HTML Injection Vulnerability

Nucleus CMS Unspecified HTML Injection Vulnerability

Nucleus CMS is prone to a HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.

Nucleus CMS versions prior to 3.24 are vulnerable.

NOTE: An attacker must have valid member privileges to exploit this issue.