Songohan

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `Add Shortcut` parameter under the `Manage Shortcuts` module. Recommendations: For CMS Made Simple version 2.2.14, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `Manage Shortcuts` module to minimize the risk of exploitation. Avoid using the `Add Shortcut` parameter in the affected module until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML by entering a crafted payload into the `Add Category` parameter under the `Categories` module. Recommendations: For CMS Made Simple version 2.2.14, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `Categories` module to minimize the risk of exploitation. Avoid using the `Add Category` parameter until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `Email address to receive notification of news submission` parameter under the Options module. Recommendations: For CMS Made Simple version 2.2.14, update the software to a version that fixes this issue, ensuring that the `Email address to receive notification of news submission` parameter is properly sanitized to prevent XSS attacks. As a temporary workaround, consider restricting access to the Options module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `Path for the {page image} tag:` or `Path for thumbnail field:` parameters under the Content Editing Settings module. Recommendations: For CMS Made Simple version 2.2.14, as a temporary workaround, consider restricting access to the Content Editing Settings module until a patch is available. Avoid using the `Path for the {page image} tag:` and `Path for thumbnail field:` parameters in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `Search Text` field under the `Admin Search` module. Recommendations: For CMS Made Simple version 2.2.14, update to a version that fixes this issue to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML by entering a crafted payload into the `Exclude these IP addresses from the "Site Down" status` parameter under the Maintenance Mode module. Recommendations: For CMS Made Simple version 2.2.14, as a temporary workaround, consider restricting access to the Maintenance Mode module until a patch is available. Avoid using the `Exclude these IP addresses from the "Site Down" status` parameter in the affected module until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML by entering a crafted payload into the `URL (slug)` or `Extra` fields under the Add Article feature. Recommendations: For CMS Made Simple version 2.2.14, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the `Create a new Stylesheet` parameter under the `Stylesheets` module. Recommendations: For CMS Made Simple version 2.2.14, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML by entering a crafted payload into the `Create a new Design` parameter under the Designs module. Recommendations: For CMS Made Simple version 2.2.14, consider restricting access to the Designs module until a patch is available, and avoid using the `Create a new Design` parameter with untrusted input.