CVE-2024-27625: XSS
First published: Tue Mar 05 2024(Updated: )
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CMS Made Simple | ||
| Simple CMS | =2.2.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-27625?
CVE-2024-27625 has been classified as a medium severity Cross Site Scripting (XSS) vulnerability.
How do I fix CVE-2024-27625?
To fix CVE-2024-27625, you should update CMS Made Simple to the latest version where the vulnerability is patched.
Which version of CMS Made Simple is affected by CVE-2024-27625?
CVE-2024-27625 affects CMS Made Simple version 2.2.19.
What module in CMS Made Simple is vulnerable in CVE-2024-27625?
The File Manager module in the admin panel of CMS Made Simple is vulnerable in CVE-2024-27625.
What type of vulnerability is CVE-2024-27625 classified as?
CVE-2024-27625 is classified as a Cross Site Scripting (XSS) vulnerability.
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/cms made simple
- canonical/cms made simple
- vendor/cmsmadesimple
- canonical/simple cms
- version/simple cms/2.2.19