kilooooo

2 exploits Active since Mar 2024
CVE-2024-27558 WRITEUP MEDIUM WRITEUP
Stupid Simple CMS < 1.2.4 - Stored Cross-Site Scripting in Blog Title
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings.
CVSS 6.1
CVE-2024-27559 WRITEUP MEDIUM WORKING POC
codelyfe stupid_simple_cms < 1.2.4 - Cross-Site Request Forgery via /save_settings.php
Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php
CVSS 6.3