CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-33423

Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.0%

CVSS Severity

CVSS v3 Score 7.4

References

https://github.com/adiapera/xss_language_cmsimple_5.15
https://github.com/adiapera/xss_language_cmsimple_5.15

Products affected by CVE-2024-33423

Cmsimple » Cmsimple » Version: 5.15

cpe:2.3:a:cmsimple:cmsimple:5.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-33423

Products

Pricing

Contact Us