XSS Vulnerability in CMS Made Simple 2.2.10 via moduleinterface.php Name Field

XSS Vulnerability in CMS Made Simple 2.2.10 via moduleinterface.php Name Field

CVE-2019-10017 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.

Learn more about our Web Application Penetration Testing UK.