PT-2017-19104 · Cms Made Simple · Cms Made Simple

Xiaozhi

Published

2017-06-18

Updated

2017-06-22

CVE-2017-9668

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.1.6

Description The issue is related to a lack of XSS filtering when adding a user group in the admin interface. This results in storage-type XSS generation via the description parameter in an addgroup action.

Recommendations For CMS Made Simple version 2.1.6, consider disabling the addgroup functionality until a patch is available to prevent potential XSS exploitation. Restrict access to the admin/addgroup.php page to minimize the risk of exploitation. Avoid using the description parameter in the addgroup action until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-9668

Affected Products

Cms Made Simple

PT-2017-19104 · Cms Made Simple · Cms Made Simple

CVE-2017-9668

Weakness Enumeration

Related Identifiers

Affected Products

References · 3