CMSimple < 2.5 Beta 3 Search Function XSS
Severity: Medium
Nessus Network Monitor Plugin ID: 3103

Synopsis
The remote host is running a version of CMSimple, a content management system.

Description
The remote host is running a version of CMSimple, a content management system. This version of CMSimple is vulnerable to a remote Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw would typically need to be able to convince a user to browse to a malicious URI. Successful exploitation would result in arbitrary code executing in the client browser and possible theft of confidential data (such as authentication cookies).

Solution
Upgrade to version 2.5 Beta 3 or higher.