CVE-2023-43354

Name of the Vulnerable Software and Affected Versions CMSmadesimple version 2.2.18

Description A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component. This enables the attacker to perform unauthorized actions.

Recommendations For CMSmadesimple version 2.2.18, consider disabling the MicroTiny WYSIWYG editor component until a patch is available to prevent exploitation of the Cross Site Scripting issue. Restrict access to the Profiles parameter to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.