cbcvebase.
CVE-2024-27625
published 2024-03-05

CVE-2024-27625: CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel…

PriorityP419medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.41%
32.9th percentile
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.

Affected

1 ranges
VendorProductVersion rangeFixed in
cmsmadesimplecms_made_simple
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.