CMSimple < 2.4 Beta 5 Multiple Remote Input Validation Vulnerabilities

Severity: Medium. Nessus Network Monitor Plugin ID 2544

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host is running a version of CMSimple, a content management system. The remote version of this software is prone to multiple input validation vulnerabilities. An attacker may exploit these flaws to inject arbitrary code to steal authentication cookies.

Solution

Upgrade to CMSimple 2.4 Beta 5 or higher.

Plugin Details

Severity: Medium

ID: 2544

Family: CGI

Published: 2005/01/19

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 19693

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

BID: 12303