Vulnerability Description
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cmsmadesimple | Cms Made Simple | <= 1.7 |
Related Weaknesses (CWE)
References
- http://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade
- http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.htmlExploit
- http://www.securityfocus.com/archive/1/511178Exploit
- http://www.securityfocus.com/bid/39997Patch
- http://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade
- http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.htmlExploit
- http://www.securityfocus.com/archive/1/511178Exploit
- http://www.securityfocus.com/bid/39997Patch
FAQ
What is CVE-2010-1482?
CVE-2010-1482 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_...
How severe is CVE-2010-1482?
CVE-2010-1482 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1482?
Check the references section above for vendor advisories and patch information. Affected products include: Cmsmadesimple Cms Made Simple.