CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection

2017.11.29
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

Affected Software : CMS Made Simple Affected Versions: Tested on 2.1.6 Vendor Homepage : http://www.cmsmadesimple.org/ Vulnerability Type : Server-Side Template Injection Severity : Important Status : Fixed CVE-ID : CVE-2017-16783 CVSS Base Score (3.0) :9.8 CVSS Vector String(3.0): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Netsparker Advisory Reference : NS-17-32 Detailed write up: https://www.netsparker.com/blog/web-security/exploiting-ssti-and-xss-in-cms-made-simple/ For more information: https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/ Affected Software : CMS Made Simple Affected Versions: 2.2.2 Homepage : http://www.cmsmadesimple.org/ Vulnerability Type : Reflected XSS Severity : Important Status : Fixed CVE-ID : CVE-2017-16784 CVSS Base Score (3.0) :6.3 CVSS Vector String(3.0): AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Netsparker Advisory Reference : NS-17-31 Proof of concept write up: https://www.netsparker.com/blog/web-security/exploiting-ssti-and-xss-in-cms-made-simple/ Fore more information: https://www.netsparker.com/web-applications-advisories/ns-17-031-reflected-xss-vulnerability-in-cms-made-simple/

References:

https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top