A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
References
Configurations
History
11 Jul 2023, 16:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CPE | cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.17:*:*:*:*:*:*:* | |
First Time |
Cmsmadesimple cms Made Simple
Cmsmadesimple |
|
References | (MISC) https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated/ - Exploit | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
06 Jul 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-06 15:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-36970
Mitre link : CVE-2023-36970
CVE.ORG link : CVE-2023-36970
JSON object : View
Products Affected
cmsmadesimple
- cms_made_simple
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')