adiapera/xss_language_cmsimple_5.15

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-33423 ↗	May 1, 2024Wednesday, 1 May 2024, 20:15	7.4 HIGH	—
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.
CVE-2024-33424 ↗	May 1, 2024Wednesday, 1 May 2024, 19:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.
CVE-2024-32344 ↗	Apr 17, 2024Wednesday, 17 April 2024, 21:15	6.8 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVE-2024-32345 ↗	Apr 17, 2024Wednesday, 17 April 2024, 21:15	7.2 HIGH	—
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.