Cache Poisoning and XSS Vulnerability in CMS Made Simple
CVE-2016-2784 · LOW Severity
AV:N/AC:H/AU:N/C:N/I:P/A:N
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Learn more about our Web Application Penetration Testing UK.