ID:3814 - Exploit for Cross-site scripting in CMS Made Simple - CVE-2016-2784

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3814 - Exploit for Cross-site scripting in CMS Made Simple - CVE-2016-2784

ID:3814 - Exploit for Cross-site scripting in CMS Made Simple - CVE-2016-2784

Published: August 9, 2020


Vulnerability identifier: #VU40264
Vulnerability risk: Low
CVE-ID: CVE-2016-2784
CWE-ID: CWE-79
Exploitation vector: Remote access
Vulnerable software:
CMS Made Simple

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.


Remediation

Install update from vendor's website.