Browse all 3 CVE security advisories affecting rewardsfuel. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RewardsFuel operates as a customer loyalty and rewards platform enabling businesses to manage incentive programs. Historically, the system has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and insecure API endpoints. These vulnerabilities have allowed attackers to execute arbitrary code, manipulate user sessions, and potentially escalate privileges. The platform's three recorded CVEs highlight recurring issues in web application security, particularly in how user-generated content is processed. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in maintaining secure coding practices across their web infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12513 | Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contests by Rewards FuelCWE-79 | 6.4 | Medium | 2024-12-18 |
| CVE-2024-1787 | Contests by Rewards Fuel <= 2.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key — Contests by Rewards FuelCWE-79 | 6.4 | Medium | 2024-03-20 |
| CVE-2024-1785 | Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Contests by Rewards FuelCWE-352 | 5.4 | Medium | 2024-03-20 |
This page lists every published CVE security advisory associated with rewardsfuel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.