CVE-2020-36410: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-36410?
The severity of CVE-2020-36410 is medium with a CVSS score of 5.4.
How does the stored cross scripting vulnerability in CMS Made Simple 2.2.14 affect the system?
The vulnerability allows authenticated attackers to execute arbitrary web scripts or HTML.
Who can exploit this vulnerability?
Only authenticated attackers can exploit this vulnerability in CMS Made Simple 2.2.14.
What is the affected software version?
The affected software version is CMS Made Simple 2.2.14.
Is there a fix available for CVE-2020-36410?
Yes, there is a fix available. It is recommended to update to the latest version of CMS Made Simple.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/description
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.14