XSS Vulnerability in CMS Made Simple by CMS Made Simple
CVE-2020-23240

4.8 MEDIUM

Key Information:

Vendor
CVE Published: 26 July 2021

Summary

This vulnerability allows an attacker to exploit a cross-site scripting flaw within the Logic field in the Content Manager of CMS Made Simple version 2.2.14. Successful exploitation could enable an attacker to execute arbitrary scripts in the context of the user’s browser, potentially compromising user data and session integrity. To mitigate this risk, it is crucial for users to update to the latest version of CMS Made Simple and follow best security practices.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
