CVE-2014-2092
CMS Made Simple 1.11.10 - Cross-Site Scripting via ImageManager Editor Frame Action Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65746
Scores
EPSS
0.0032
EPSS Percentile
54.9%
Details
CWE
CWE-79
Status
published
Products (1)
cmsmadesimple/cms_made_simple
1.11.10
Published
Mar 02, 2014
Tracked Since
Feb 18, 2026