Cross-Site Scripting (XSS) Vulnerability in /admin/moduleinterface.php
CVE-2024-1528

6.1MEDIUM

Key Information:

Vendor: Cms Made Simple
Status: Cms Made Simple
Vendor: CVE Published:; 12 March 2024

🔔 Create Cms Made Simple Vulnerability Alert

What is CVE-2024-1528?

CMS Made Simple version 2.2.14 contains a vulnerability associated with Cross-Site Scripting (XSS) due to improper encoding of user-controlled inputs within the /admin/moduleinterface.php interface. This security flaw permits remote attackers to inject malicious JavaScript code into targeted user sessions. As a consequence, attackers may partially take control of an authenticated user's browser session, potentially accessing sensitive information or executing unauthorized actions on behalf of the user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CMS Made Simple 2.2.14

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 15, 2024

Credit

Rafael Pedrero

JSON

Cms Made Simple