CVE-2023-43355

MEDIUM

CMS Made Simple 2.2.18 - Cross-Site Scripting via My Preferences Add User Password Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43355. PoCs published by sromanhu.

AI-analyzed exploit summary: The repository provides a technical analysis of CVE-2023-43355, detailing a reflected XSS vulnerability in CMSmadesimple v2.2.18. It includes payload examples and visual evidence of the exploit in action, demonstrating the vulnerability's mechanics.

Description

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

Exploits (1)

nomisec WRITEUP
by sromanhu · poc
https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: CMSmadesimple v2.2.18
Auth required
Prerequisites: Access to the CMSmadesimple admin panel · Ability to navigate to the 'My Preferences - Add user' section
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0049
EPSS Percentile: 37.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): cmsmadesimple/cms_made_simple 2.2.18
Published: Oct 20, 2023
Tracked Since: Feb 18, 2026