A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
References
Link | Resource |
---|---|
http://dev.cmsmadesimple.org/bug/view/12325 | Exploit Issue Tracking Vendor Advisory |
Configurations
Information
Published : 2021-07-02 11:15
Updated : 2021-07-06 05:07
NVD link : CVE-2020-36413
Mitre link : CVE-2020-36413
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cmsmadesimple
- cms_made_simple