6 matches found
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33424
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...
CVE-2024-33424
CMSimple v5.15 is affected by an XSS in the Settings menu, via the Downloads parameter under Language. The vulnerability allows arbitrary web scripts/HTML to run in the user context when a crafted payload is used. Documented by multiple sources (CVE-2024-33424; RH; CNVD/CNNVD variants) with no ex...
PT-2024-25247 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...