CVE-2020-36412: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-36412?
The severity of CVE-2020-36412 is medium with a CVSS score of 5.4.
How does the stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 impact the system?
Authenticated attackers can execute arbitrary web scripts or HTML by entering a crafted payload into the "Search Text" field under the "Admin Search" module.
Which version of CMS Made Simple is affected by CVE-2020-36412?
Only version 2.2.14 of CMS Made Simple is affected by CVE-2020-36412.
Is authentication required to exploit the stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14?
Yes, authentication is required to exploit the stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14.
Is there a fix available for CVE-2020-36412?
Yes, it is recommended to upgrade CMS Made Simple to a version higher than 2.2.14 to fix CVE-2020-36412.
- collector/nvd-index
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.14