CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12776] Cross Site Scripting(XSS) on Site Admin Settings News module adding extensions tab

Created By: Athul S (RoniX1122)
Date Submitted: Sat Feb 22 23:19:53 -0500 2025

Assigned To: CMS Made Simple Foundation (cmsmsfoundation)
Version: 2.2.21
CMSMS Version: 2.2.21
Severity: Minor
Resolution: Won't Fix
State: Open
Summary:
Cross Site Scripting(XSS) on Site Admin Settings News module adding extensions tab
Detailed Description:
A Cross Site Scripting attack was found in the Add extension tab in the News
module settings in Site Admin. This vulnerability allows attackers to steal
sensitive data or cookies by injecting arbitrary JavaScript.

payload used = "><svg/onload=prompt("XSS")>

Reference PoC video:
https://drive.google.com/file/d/1x-7slGOyf-0HJFCsrv79Nf8JfFDlHYJ4/view?usp=drive_link
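
Added example (not part of the original report and not CMS Made Simple code): assuming the submitted value is echoed back into a double-quoted HTML attribute, which the leading `">` of the payload suggests, this Python check parses the rendered field with and without output encoding and reports any extra element or event-handler attribute. The field name `field_name` and the markup are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the report above.
PAYLOAD = '"><svg/onload=prompt("XSS")>'

# Hypothetical form field; the real News module markup is not shown on this page.
FIELD = '<input type="text" name="field_name" value="{}">'


def render_unsafe(value: str) -> str:
    # Weak pattern: input placed into a double-quoted attribute without encoding.
    return FIELD.format(value)


def render_safe(value: str) -> str:
    # Encode & < > " ' so the value cannot close the attribute or the tag.
    return FIELD.format(escape(value, quote=True))


class FragmentAudit(HTMLParser):
    """Records every start tag, any on* attribute, and the input's value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.value = [], [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        # Attribute names arrive lower-cased, so "on" matches onload, onerror, ...
        self.handlers += [f"{tag}@{name}" for name, _ in attrs if name.startswith("on")]
        if tag == "input":
            self.value = dict(attrs).get("value")


def audit(fragment: str) -> dict:
    """Parse a rendered fragment and report the markup it really contains."""
    parser = FragmentAudit()
    parser.feed(fragment)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers, "value": parser.value}


if __name__ == "__main__":
    # Unencoded: the payload closes the attribute and adds an <svg onload=...> element.
    print("unsafe:", audit(render_unsafe(PAYLOAD)))
    # Encoded: a single <input> whose value round-trips to the literal payload text.
    print("safe:  ", audit(render_safe(PAYLOAD)))
```

In a PHP code base such as CMSMS, htmlspecialchars() with ENT_QUOTES performs the same attribute-context encoding.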


History

Comments
Date: 2025-02-23 00:04
Posted By: Matt Hornsby (DIGI3) (DIGI3)

Please see
https://www.cmsmadesimple.org/community/get-involved/report-a-vulnerability
      
Updates

Updated: 2025-02-23 00:04
resolution_id: => 8