First published: Thu Oct 01 2020
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and place a persistent XSS payload in the affected text fields. That user can then obtain cookies from every authenticated user who visits the website.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cmsmadesimple Cms Made Simple | =2.2.14 | |
CVE-2020-24860 is a vulnerability in CMS Made Simple 2.2.14 that allows an authenticated user with access to the Content Manager to edit content and execute persistent cross-site scripting (XSS) attacks.
An authenticated user with access to the Content Manager can edit content and insert malicious XSS payloads into the affected text fields. The payload executes when another authenticated user visits the website, allowing that user's cookies to be stolen.
CVE-2020-24860 has a severity rating of medium with a CVSS score of 5.4.
Upgrade CMS Made Simple to a version higher than 2.2.14 to mitigate the vulnerability.
You can find more information about CVE-2020-24860 on the CMS Made Simple website and the provided references.