First published: Fri Oct 12 2018(Updated: )
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Simple CMS | =2.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-18270 is classified as a high severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
To fix CVE-2018-18270, update CMS Made Simple to the latest version beyond 2.2.7.
CVE-2018-18270 allows attackers to inject malicious scripts into web pages viewed by administrators, compromising the security of the CMS.
CVE-2018-18270 specifically affects CMS Made Simple version 2.2.7.
CVE-2018-18270 can be exploited through the m1_news_url parameter in the admin module interface when adding articles.