Cache Poisoning and XSS Vulnerability in CMS Made Simple

Cache Poisoning and XSS Vulnerability in CMS Made Simple

CVE-2016-2784 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Learn more about our Web Application Penetration Testing UK.