A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.
References
Link | Resource |
---|---|
http://dev.cmsmadesimple.org/bug/view/12325 | Exploit Issue Tracking Vendor Advisory |
Configurations
Information
Published : 2021-07-02 11:15
Updated : 2021-07-06 05:07
NVD link : CVE-2020-36414
Mitre link : CVE-2020-36414
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cmsmadesimple
- cms_made_simple