PT-2024-21974 · Unknown · Cms Made Simple
Published
2024-03-05
·
Updated
2024-11-12
·
CVE-2024-27625
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CMS Made Simple version 2.2.19
Description
The issue is a Cross Site Scripting (XSS) vulnerability that resides in the File Manager module of the admin panel. It arises due to inadequate sanitization of user input in the "New directory" field.
Recommendations
For CMS Made Simple version 2.2.19, consider disabling the File Manager module until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the admin panel to minimize the risk of exploitation. Avoid using the "New directory" field in the File Manager module until the issue is resolved.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cms Made Simple