CVE-2020-27377

MEDIUM

CMS Made Simple 2.2.14 - Stored Cross-Site Scripting in Administrator Panel Setting News Module

Title source: llm
STIX 2.1

Description

A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.

References (1)

Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
http://dev.cmsmadesimple.org/bug/view/12317

Scores

CVSS v3 4.8
EPSS 0.0031
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
cmsmadesimple/cms_made_simple 2.2.14
Published Jun 01, 2021
Tracked Since Feb 18, 2026