Описание
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.14:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00634
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
EPSS
Процентиль: 70%
0.00634
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79