Stored XSS Vulnerability in CMS Made Simple Product
CVE-2020-22732

4.8MEDIUM

Key Information:

Vendor: Cmsmadesimple
Status: Cms Made Simple
Vendor: CVE Published:; 5 August 2021

Summary

CMS Made Simple version 2.2.14 suffers from a stored cross-site scripting vulnerability within the Extensions > File Picker functionality. This flaw allows attackers to inject malicious scripts that may be executed in the context of a victim's browser, potentially exposing sensitive data or performing unauthorized actions through the affected web application.

References

http://dev.cmsmadesimple.org/bug/view/12288

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 5, 2021
Vulnerability Reserved
Aug 13, 2020