
CMS Made Simple <= 2.2.18 Multiple Vulnerabilities

CVE-2023-43339, CVE-2023-43352, CVE-2023-43353, CVE-2023-43354, CVE-2023-43355, CVE-2023-43356, CVE-2023-43357, CVE-2023-43358, CVE-2023-43359, CVE-2023-43360, CVE-2023-43872

Severity
CVSSv3 Score: 5.4
Vulnerability description

CMS Made Simple is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- CVE-2023-43339: Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation sanitization
- CVE-2023-43352: Server Side Template Injection (SSTI) vulnerability in the sanitization of the entry in the Content of Content - Content Manager Menu
- CVE-2023-43353: Stored XSS vulnerability in the sanitization of the entry in the Extra of Content - News Menu
- CVE-2023-43354: Stored XSS vulnerability in the sanitization of the entry in the Profiles of MicroTiny WYSIWYG editor
- CVE-2023-43355: Reflected XSS vulnerability in the sanitization of the entry in the password and password of My Preferences - Add user
- CVE-2023-43356: Stored XSS vulnerability in the sanitization of the entry in the Global Metadata of Settings - Global Settings Menu
- CVE-2023-43357: Stored XSS vulnerability in the sanitization of the entry in the Title of My Preferences - Manage Shortcuts
- CVE-2023-43358: Stored XSS vulnerability in the sanitization of the entry in the Title of Content - News Menu
- CVE-2023-43359: Stored XSS vulnerability in the sanitization of the entry in the Content Manager Menu
- CVE-2023-43360: Stored XSS vulnerability in the sanitization of the entry in the Top Directory of File Picker Menu
- CVE-2023-43872: Stored XSS vulnerability in File Manager file upload sanitization

Recommendation

No known solution is available as of 23rd October, 2023. Information regarding this issue will be updated once solution details are available.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 25, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available