CVE-2020-36408: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-36408?
The severity of CVE-2020-36408 is medium with a CVSS score of 5.4.
How does the stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 impact users?
The vulnerability allows authenticated attackers to execute arbitrary web scripts or HTML, potentially compromising the security and integrity of the website.
How can an attacker exploit the stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14?
An attacker can exploit the vulnerability by entering a crafted payload into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
Is there a fix available for CVE-2020-36408?
Yes, upgrading CMS Made Simple to a version beyond 2.2.14 will fix the vulnerability.
Where can I find more information about CVE-2020-36408?
You can find more information about CVE-2020-36408 on the CMS Made Simple bug tracker at http://dev.cmsmadesimple.org/bug/view/12325.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.14