3 matches found
Cross-Site Scripting (XSS) in CMSimple
Advisory ID: HTB23205 Product: CMSimple Vendor: Preben Bjorn Biermann Madsen Vulnerable Versions: 3.54 and probably prior Tested Version: 3.54 Advisory Publication: February 26, 2014 without technical details Vendor Notification: February 26, 2014 Vendor Patch: February 26, 2014 Public Disclosure...
CVE-2014-2219
CMSimple Classic 3.54 and earlier contains a reflected XSS in /whizzywig/wb.php where the d parameter is not properly sanitized. A remote attacker can induce a logged-in user to visit a crafted URL to execute arbitrary HTML/JavaScript in the browser. Vendor patch: fixed by the vendor on 2014-02-2...
CVE-2014-2219
Cross-site scripting XSS vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter...