3 matches found
CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Date: 2021/03/19 Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...
CMS Made Simple 2.2.15 Cross Site Scripting
Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Date: 2021/03/19 Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 is affected by an authenticated cross‑site scripting (XSS) vulnerability in /admin/addbookmark.php via Site Admin > My Preferences > Title field. The issue allows an authenticated user to inject scripts, with CVSS:3.1 base score 5.4 (MEDIUM) and CVSS2 base sco...