Advertisement






CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting

CVE Category Price Severity
CVE-2018-5965 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2018-01-24
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018010252

Below is a copy:

CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
1.OVERVIEW

CMS Made Simple version 2.2.5 is vulnerable to Reflected Cross-Site Scripting.

2. PRODUCT DESCRIPTION

CMS Made Simple is open source CMS for developing website.

3. VULNERABILITY DESCRIPTION

The CMS Made Simple version 2.2.5 in /admin/moduleinterface.php didn't validate correctly in m1_errors parameter, so it can be execute as malicious javascript code.

4. VERSIONS AFFECTED

2.2.5 and can below.

5. PROOF-OF-CONCEPT

https://kyawminthein901497298.wordpress.com/2018/01/22/cms-made-simple-2-2-5-reflected-cross-site-scripting/

6. IMPACT

This occurs when web application fails to sanitize correctly, so malicious attacker can execute javascript code.

7. SOLUTION

Should some sanitize every user input field.

8. VENDOR

CMS Made Simple version 2.2.5

9. CREDIT

This vulnerability was discovered by Kyaw Min Thein,
https://kyawminthein901497298.wordpress.com/2018/01/22/cms-made-simple-2-2-5-reflected-cross-site-scripting/




10. DISCLOSURE TIME-LINE

1-19-2018 vulnerability reported to vendor
1-21-2018 notified vendor and vendor said they will not give features for using admin permission
1-22-2018 assigned as CVE-2018-5965 by mitre



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.