exploitDog

CVE-2019-10017

Опубликовано: 24 мар. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.

Ссылки

http://dev.cmsmadesimple.org/bug/view/12001
Exploit
Vendor Advisory
https://ctrsec.io/index.php/2019/03/24/cmsmadesimple-xss-filepicker/
Exploit
Third Party Advisory
http://dev.cmsmadesimple.org/bug/view/12001
Exploit
Vendor Advisory
https://ctrsec.io/index.php/2019/03/24/cmsmadesimple-xss-filepicker/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.10:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00254

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gh35-frqg-4h6p

CVSS3: 5.4

github

больше 3 лет назад

CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.

EPSS

Процентиль: 48%

0.00254

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79