cbcvebase.
CVE-2016-2784
published 2016-05-26

CVE-2016-2784: CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify…

PriorityP430medium4.7CVSS 3.0
AVNACHPRNUIRSCCLILAN
EXPLOIT
EPSS
2.45%
82.3th percentile
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Affected

80 ranges· showing 25
VendorProductVersion rangeFixed in
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple
cmsmadesimplecms_made_simple

CVSS provenance

nvdv3.04.7MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.