XSS Vulnerability in CMS Made Simple 2.2.10 via 'moduleinterface.php' Name Field

XSS Vulnerability in CMS Made Simple 2.2.10 via 'moduleinterface.php' Name Field

CVE-2019-10106 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.

Learn more about our Web Application Penetration Testing UK.