CVE-2024-33423

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15

Description A Cross-Site Scripting (XSS) issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. This enables attackers to potentially hijack user sessions, steal sensitive data, or perform other malicious actions.

Recommendations For CMSimple version 5.15, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Settings menu, especially the Language section, to minimize the risk of exploitation. Avoid using the Logout parameter in the affected section until the issue is resolved.