2 matches found
CVE-2020-36409
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...
CVE-2020-36409
CMS Made Simple 2.2.14 contains a stored XSS in the Add Category field of the Categories module that requires authentication to exploit. Several sources corroborate this vulnerability and indicate related fixes are available in version 2.2.15 and later. Impact is reflected as executing arbitrary ...