Published: 02/03/2014 Updated: 24/07/2015

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cmsmadesimple cms made simple

> Vulnerabilities in CMS Made Simple, version 1119 > Discovered by Pedro Ribeiro (pedrib@gmailcom) of Agile Information Security > Reported to ted@cmsmadesimpleorg and calguy1000@cmsmadesimpleorg Disclosure: 28/02/2014 / Last updated: 12/10/2014 CMS Made Simple, an open source content management system, allows for faster and easier ...

CWE-79 http://www.kb.cert.org/vuls/id/526062 http://www.securityfocus.com/bid/65898 https://nvd.nist.gov https://www.exploit-db.com/exploits/43889/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0334

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect