Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.14
CVE-2024-1529

6.1MEDIUM

Key Information:

Vendor: Cms Made Simple
Status: Cms Made Simple
Vendor: CVE Published:; 12 March 2024

🔔 Create Cms Made Simple Vulnerability Alert

What is CVE-2024-1529?

A Cross-Site Scripting vulnerability exists in CMS Made Simple version 2.2.14 due to inadequate encoding of user-controlled input. This issue pertains to multiple parameters in the /admin/adduser.php interface. An attacker can exploit this vulnerability by crafting a malicious JavaScript payload that, when sent to an authenticated user, could execute within their browser. This could lead to unauthorized actions performed on behalf of the user, compromising the security and privacy of their session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CMS Made Simple 2.2.14

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 15, 2024

Credit

Rafael Pedrero

JSON

Cms Made Simple