Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
References
| Link | Resource |
|---|---|
| http://www.cmsmadesimple.org/ | Product |
| https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md | Exploit Third Party Advisory |
| https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md | Exploit Third Party Advisory |
Configurations
History
08 Nov 2023, 03:14
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cmsmadesimple cms Made Simple
|
|
| CPE | cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:* |
26 Sep 2023, 14:46
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cmsmadesimple:cmsmadesimple:2.2.18:*:*:*:*:*:*:* | |
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| First Time |
Cmsmadesimple
Cmsmadesimple cmsmadesimple |
|
| References | (MISC) http://www.cmsmadesimple.org/ - Product | |
| References | (MISC) https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md - Exploit, Third Party Advisory | |
| References | (MISC) https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md - Exploit, Third Party Advisory |
25 Sep 2023, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-25 16:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-43339
Mitre link : CVE-2023-43339
CVE.ORG link : CVE-2023-43339
JSON object : View
Products Affected
cmsmadesimple
- cms_made_simple
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')