CVE-2020-36408

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
References
Link Resource
http://dev.cmsmadesimple.org/bug/view/12325 Exploit Issue Tracking Vendor Advisory
http://dev.cmsmadesimple.org/bug/view/12325 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.14:*:*:*:*:*:*:*

History

21 Nov 2024, 05:29

Type Values Removed Values Added
References () http://dev.cmsmadesimple.org/bug/view/12325 - Exploit, Issue Tracking, Vendor Advisory () http://dev.cmsmadesimple.org/bug/view/12325 - Exploit, Issue Tracking, Vendor Advisory

Information

Published : 2021-07-02 18:15

Updated : 2024-11-21 05:29


NVD link : CVE-2020-36408

Mitre link : CVE-2020-36408

CVE.ORG link : CVE-2020-36408


JSON object : View

Products Affected

cmsmadesimple

  • cms_made_simple
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')