A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-79CWE-94
FluentCMS Blocks Plugin blocks cross site scripting
Problem type
Affected products
FluentCMS
0.0.5 - AFFECTED
References
VDB-369014 | FluentCMS Blocks Plugin blocks cross site scripting
https://vuldb.com/vuln/369014
VDB-369014 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369014/cti
CVE-2026-11434 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11434
Submit #821094 | FluentCMS 0.0.5 Cross Site Scripting
https://vuldb.com/submit/821094
hackmd.io
https://hackmd.io/@noka/BkHdIMFAWx
GitHub Security Advisories
GHSA-gp2j-q325-2c8q
A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of...
https://github.com/advisories/GHSA-gp2j-q325-2c8qA weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-11434
hackmd.io
https://hackmd.io/@noka/BkHdIMFAWx
vuldb.com
https://vuldb.com/cve/CVE-2026-11434
vuldb.com
https://vuldb.com/submit/821094
vuldb.com
https://vuldb.com/vuln/369014
vuldb.com
https://vuldb.com/vuln/369014/cti
github.com
https://github.com/advisories/GHSA-gp2j-q325-2c8q
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11434Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11434",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-06T14:15:09.941Z",
"dateReserved": "2026-06-05T22:07:20.333Z",
"datePublished": "2026-06-06T14:15:09.941Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-06T14:15:09.941Z"
},
"title": "FluentCMS Blocks Plugin blocks cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "n/a",
"product": "FluentCMS",
"cpes": [
"cpe:2.3:a:fluentcms:fluentcms:*:*:*:*:*:*:*:*"
],
"modules": [
"Blocks Plugin"
],
"versions": [
{
"version": "0.0.5",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369014",
"name": "VDB-369014 | FluentCMS Blocks Plugin blocks cross site scripting",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/vuln/369014/cti",
"name": "VDB-369014 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11434",
"name": "CVE-2026-11434 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/821094",
"name": "Submit #821094 | FluentCMS 0.0.5 Cross Site Scripting",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://hackmd.io/@noka/BkHdIMFAWx",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 3.3
}
}
],
"timeline": [
{
"time": "2026-06-05T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-06T00:12:24.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Karina Gante",
"type": "finder"
},
{
"lang": "en",
"value": "karinagante (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}