CVE-2024-32344

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15

Description A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.

Recommendations For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu, specifically the Language section, until a patch is available. Avoid using the Edit parameter in the affected section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.