CVE-2023-43872

Name of the Vulnerable Software and Affected Versions CMSmadesimple version 2.2.18

Description A File upload vulnerability in CMSmadesimple allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

Recommendations For CMSmadesimple version 2.2.18, consider disabling the file upload feature until a patch is available to prevent exploitation of the vulnerability. Restrict access to the file upload module to minimize the risk of uploading malicious files, such as pdf files with hidden XSS. Avoid using the file upload feature for pdf files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.