A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
References
Link | Resource |
---|---|
http://dev.cmsmadesimple.org/bug/view/12325 | Exploit Issue Tracking Vendor Advisory |
Configurations
Information
Published : 2021-07-02 11:15
Updated : 2021-07-06 05:08
NVD link : CVE-2020-36410
Mitre link : CVE-2020-36410
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cmsmadesimple
- cms_made_simple