CVE-2020-36413: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-36413.
What is the severity of CVE-2020-36413?
The severity of CVE-2020-36413 is considered medium with a severity value of 5.4.
How does CVE-2020-36413 affect CMS Made simple?
CVE-2020-36413 affects CMS Made Simple version 2.2.14.
How can an attacker exploit CVE-2020-36413?
An attacker can exploit CVE-2020-36413 by entering a crafted payload into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
Is there a fix for CVE-2020-36413?
Yes, upgrading to a version of CMS Made Simple that is not affected by this vulnerability is recommended to fix CVE-2020-36413.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.14