Cross Site Scripting Vulnerability in CMS Made Simple by CMS Made Simple Project
CVE-2021-43154

6.1MEDIUM

Key Information:

Vendor: Cmsmadesimple
Status: Cms Made Simple
Vendor: CVE Published:; 13 April 2022

Summary

A Cross Site Scripting (XSS) vulnerability has been identified in CMS Made Simple 2.2.15. This security flaw occurs due to improper validation in the Name field when adding a category through the moduleinterface.php file. Attackers could exploit this vulnerability to inject malicious scripts, leading to the potential compromise of user sessions or the execution of unauthorized actions within the CMS environment. It's essential for users of affected versions to apply security updates promptly to mitigate the risk associated with this vulnerability.

References

https://elprofesor.me/2021/10/24/stored-cross-site-script...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 13, 2022
Vulnerability Reserved
Nov 1, 2021