CMS Made Simple version 2.1.6 suffers from cross site scripting and server-side template injection vulnerabilities.
6b78c3370b093a9afe1f6852a2f1df3a510d50c437d422d4e858dd8f8493fba3Affected Software : CMS Made Simple
Affected Versions: Tested on 2.1.6
Vendor Homepage : http://www.cmsmadesimple.org/
Vulnerability Type : Server-Side Template Injection
Severity : Important
Status : Fixed
CVE-ID : CVE-2017-16783
CVSS Base Score (3.0) :9.8
CVSS Vector String(3.0): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Netsparker Advisory Reference : NS-17-32
Detailed write up:
https://www.netsparker.com/blog/web-security/exploiting-ssti-and-xss-in-cms-made-simple/
For more information:
https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/
Affected Software : CMS Made Simple
Affected Versions: 2.2.2
Homepage : http://www.cmsmadesimple.org/
Vulnerability Type : Reflected XSS
Severity : Important
Status : Fixed
CVE-ID : CVE-2017-16784
CVSS Base Score (3.0) :6.3
CVSS Vector String(3.0): AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Netsparker Advisory Reference : NS-17-31
Proof of concept write up:
https://www.netsparker.com/blog/web-security/exploiting-ssti-and-xss-in-cms-made-simple/
Fore more information:
https://www.netsparker.com/web-applications-advisories/ns-17-031-reflected-xss-vulnerability-in-cms-made-simple/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed