PT-2023-28804 · Unknown · Cms Made Simple

Romanhu · Published 2023-10-19 · Updated 2023-10-30 · CVE-2023-43359

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CMSmadesimple version 2.2.18

Description

A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.

Recommendations

For CMSmadesimple version 2.2.18, update to a version that fixes this issue, as the current version allows for the execution of arbitrary code by a local attacker. As a temporary workaround, consider restricting access to the Content Manager Menu component until a patch is available. Avoid using the Page Specific Metadata and Smarty data parameters in the affected component until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2023-43359

Affected products

Cms Made Simple