CVE-2020-24860
N/A
N/A
Summary
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.cmsmadesimple.org
- https://www.exploit-db.com/exploits/48851
- https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s
- http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html
References
- https://www.cmsmadesimple.org
- https://www.exploit-db.com/exploits/48851
- https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s
- http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.