
CMSimple < 2.5 Beta 3 Search Function XSS

Medium

Synopsis

The remote host is running a version of CMSimple, a content management system.

Description

The remote host is running a version of CMSimple, a content management system. This version of CMSimple is vulnerable to a remote cross-site scripting (XSS) attack in its search function. To exploit this flaw, an attacker would typically need to convince a user to browse to a malicious URI. Successful exploitation would result in arbitrary script code executing in the user's browser and possible theft of confidential data (such as authentication cookies).

Solution

Upgrade to version 2.5 Beta 3 or higher.