CVE-2024-33424

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15

Description A cross-site scripting (XSS) vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.

Recommendations For CMSimple version 5.15, as a temporary workaround, consider restricting access to the Settings menu, specifically the Language section, until a patch is available. Avoid using the Downloads parameter in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.