Описание
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-2784
- https://www.exploit-db.com/exploits/39760
- http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html
- http://seclists.org/fulldisclosure/2016/May/15
- http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia
- http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point
- http://www.securityfocus.com/archive/1/538272/100/0/threaded
Связанные уязвимости
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.