PT-2006-7441 · Cms Made Simple · Cms Made Simple

L0J1K

Published

2006-12-31

Updated

2018-10-17

CVE-2006-6844

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 1.0.2

Description: A cross-site scripting (XSS) issue exists in the optional user comment module, allowing remote attackers to inject arbitrary web script or HTML via the user comment form.

Recommendations: For CMS Made Simple version 1.0.2, update the optional user comment module to a version that fixes this issue or disable the user comment form to prevent exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6844

Affected Products

Cms Made Simple

PT-2006-7441 · Cms Made Simple · Cms Made Simple

CVE-2006-6844

Related Identifiers

Affected Products

References · 7