Unknown · CMS Made Simple · CVE-2021-28935
Name of the Vulnerable Software and Affected Versions:
CMS Made Simple version 2.2.15
Description:
The issue allows authenticated cross-site scripting (XSS) via the /admin/addbookmark.php script, specifically through the Site Admin > My Preferences > Title field.
Recommendations:
For version 2.2.15, consider disabling access to the /admin/addbookmark.php script until a patch is available, and restrict modifications to the Title field in My Preferences to minimize the risk of exploitation.