CVE-2020-24860

Published: Oct 1, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

Affected (1)

Products: Cmsmadesimple: Cms Made Simple

Cmsmadesimple

1 product

Cms Made Simple

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Version 2.2.14

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.cmsmadesimple.org

Source: cve@mitre.org

Product

https://www.exploit-db.com/exploits/48851

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.cmsmadesimple.org

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.exploit-db.com/exploits/48851

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.