CVE-2021-43154: XSS
First published: Wed Apr 13 2022(Updated: )
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-43154?
The severity of CVE-2021-43154 is medium with a CVSS score of 6.1.
How does the Cross Site Scripting (XSS) vulnerability impact CMS Made Simple 2.2.15?
The Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.15 allows attackers to execute malicious scripts in a victim's browser.
How can the Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.15 be exploited?
The Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.15 can be exploited by including malicious scripts in the Name field when performing the Add Category action in moduleinterface.php.
Is there a fix available for CVE-2021-43154?
Yes, upgrading to a version of CMS Made Simple that is not affected by the vulnerability (2.2.16 or above) will fix CVE-2021-43154.
Where can I find more information about the Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.15?
Additional information about the Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.15 can be found at https://elprofesor.me/2021/10/24/stored-cross-site-scripting-via-m1-name-authenticated.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.15