Summary:
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple
Detailed Description:
Hello CMSMS Team,
I am reaching out to report a Stored XSS vulnerability via the Settings - News
module feature in CMS Made Simple version 2.2.10.
Steps to reproduce:
- Navigate to Admin Dashboard
- Click on Site Admin -> Settings - News Module
- Click on "Field Definitions"
- Click on "Add Field Definition"
- In "Name" field, input payload: <img/src=1 onerror=alert(document.cookie)>
- Click "Submit"
- After submitting, the payload will be executed every time we visit the "Settings - News
module" page.
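
Added example, not part of the original report and not CMS Made Simple's own code: a sketch of the fix class for this issue, showing the reported "Name" value rendered without and with HTML output encoding, plus an optional allow-list check at submit time. The function names, the table-row markup and the allow-list pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: field-definition names as they might be read back from storage.
// The second entry is the "Name" value from the report above.
$storedNames = [
    'Author',
    '<img/src=1 onerror=alert(document.cookie)>',
];

// Hypothetical "before": the stored name is concatenated into the page as-is,
// so any markup in it is parsed by the browser on every page view.
function renderRowUnsafe(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

// Hypothetical "after": encode for the HTML context at output time.
// ENT_QUOTES also covers the case where the name ends up inside an attribute.
function renderRowSafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $encoded . '</td></tr>';
}

// Optional second layer at submit time. The pattern is an assumed policy
// (letters, digits, space, underscore, hyphen; 1 to 64 characters).
function isValidFieldName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $name) === 1;
}

foreach ($storedNames as $name) {
    echo 'accepted at submit: ', isValidFieldName($name) ? 'yes' : 'no', "\n";
    echo 'unencoded output:   ', renderRowUnsafe($name), "\n";
    echo 'encoded output:     ', renderRowSafe($name), "\n\n";
}
```

Output encoding is the control that closes the issue, because it also neutralizes values already stored before the fix; the allow-list only stops new ones.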