CVE-2017-17735
CRITICALCMS Made Simple < 2.2.5 - Exposure of Sensitive Information via Cookie Caching
Title source: llmDescription
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737
Issue Tracking, Vendor Advisory x_refsource_confirm
https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa
Scores
CVSS v3
9.8
EPSS
0.0027
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
cmsmadesimple/cms_made_simple
< 2.2.5
Published
Dec 18, 2017
Tracked Since
Feb 18, 2026