CVE-2018-18270 Information
Feb 14, 2021
cve
Description
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php \Content–News–Add Article\ action.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/cmsmadesimple/cmsmadesimple-2-0/issues/12
XSS
exists
in
CMS
Made
Simple
version
2.2.7
via
the
m1_news_url
parameter
in
an
admin/moduleinterface.php
\Content–News–Add
Article
action.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: