CVE-2023-36970: XSS
First published: Thu Jul 06 2023(Updated: )
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-36970?
The severity of CVE-2023-36970 is medium with a score of 5.4.
What is the vulnerability in CMS Made Simple v2.2.17?
The vulnerability in CMS Made Simple v2.2.17 is a Cross-site scripting (XSS) vulnerability.
How does the vulnerability in CMS Made Simple v2.2.17 impact remote attackers?
The vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
What is the Common Weakness Enumeration (CWE) ID of CVE-2023-36970?
The Common Weakness Enumeration (CWE) ID of CVE-2023-36970 is 79.
Is there a reference for more information about CVE-2023-36970?
Yes, you can find more information about CVE-2023-36970 at the following link: [CVE-2023-36970 Reference](https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated/)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.17