PT-2023-28806 · Unknown · Cms Made Simple
Romanhu
·
Published
2023-10-24
·
Updated
2023-10-30
·
CVE-2023-43360
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CMSmadesimple version 2.2.18
Description
A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the
Top Directory parameter in the File Picker Menu component. This enables the attacker to inject malicious scripts, potentially leading to unauthorized actions on the system.Recommendations
For CMSmadesimple version 2.2.18, consider disabling the
File Picker Menu component until a patch is available to prevent exploitation of the Cross Site Scripting issue. Restrict access to the Top Directory parameter to minimize the risk of arbitrary code execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cms Made Simple