Description
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
Exploits (1)
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65898
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/526062
Scores
EPSS
0.0085
EPSS Percentile
75.0%
Details
CWE
CWE-79
Status
published
Products (1)
cmsmadesimple/cms_made_simple
Published
Mar 02, 2014
Tracked Since
Feb 18, 2026