PT-2023-28804 · Unknown · Cms Made Simple
Romanhu · Published 2023-10-19 · Updated 2023-10-30 · CVE-2023-43359
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CMSmadesimple version 2.2.18
Description
A Cross-Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
Recommendations
For CMSmadesimple version 2.2.18, update to a version that fixes this issue, as the current version allows for the execution of arbitrary code by a local attacker.
As a temporary workaround, consider restricting access to the Content Manager Menu component until a patch is available.
Avoid using the Page Specific Metadata and Smarty data parameters in the affected component until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Cms Made Simple