PT-2023-28800 · Unknown · Cms Made Simple
Romanhu · Published 2023-10-20 · Updated 2023-10-25 · CVE-2023-43355
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CMSmadesimple version 2.2.18
Description
The issue allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. This enables the attacker to perform Cross Site Scripting attacks.
Recommendations
For CMSmadesimple version 2.2.18, update to a version that fixes this issue to prevent exploitation.
As a temporary workaround, consider restricting access to the My Preferences - Add user component until a patch is available.
Avoid using the password and password again parameters in the affected component until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Cms Made Simple