Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CMS Made Simple ‘email’ 参数HTML注入漏洞
Vulnerability Description
CMS Made Simple(CMSMS)是CMSMS团队开发的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMS Made Simple中存在HTML注入漏洞,该漏洞源于对用户提供的输入未经验证。攻击者提供的HTML或JavaScript代码可在受影响站点的上下文中运行,可能允许攻击者窃取基于cookie的认证证书,控制网站传达给用户的方式,也可能执行其他的攻击。CMS Made Simple 1.10.3版本中存在该漏洞,其他版本也
CVSS Information
N/A
Vulnerability Type
N/A