CVE-2017-16799: XSS
First published: Sun Nov 12 2017(Updated: )
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cmsmadesimple | =2.2.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this CMS Made Simple vulnerability?
The vulnerability ID for this CMS Made Simple vulnerability is CVE-2017-16799.
What is the severity of CVE-2017-16799?
The severity of CVE-2017-16799 is medium with a CVSS score of 5.4.
How does CVE-2017-16799 impact CMS Made Simple 2.2.3.1?
CVE-2017-16799 allows for stored XSS attacks in CMS Made Simple 2.2.3.1 through the m1_name parameter during the addition of a category.
How can I fix CVE-2017-16799 in CMS Made Simple 2.2.3.1?
To fix CVE-2017-16799 in CMS Made Simple 2.2.3.1, you should update to a version that includes a fix for the vulnerability.
Is there any additional information available about CVE-2017-16799?
Yes, you can find additional information about CVE-2017-16799 in the reference provided: https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20Stored%20XSS.md
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cmsmadesimple
- canonical/cmsmadesimple cmsmadesimple
- version/cmsmadesimple cmsmadesimple/2.2.3.1