CVE-2020-24860

Sažetak

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

Reference

http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html
https://www.cmsmadesimple.org
https://www.exploit-db.com/exploits/48851
https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-10-2020 - 14:24

Objavljeno

01-10-2020 - 14:15