CVE-2024-32345

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15

Description A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.

Recommendations For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu until a patch is available. Avoid using the Configuration parameter in the Language section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.