CVE-2023-43339
https://notcve.org/view.php?id=CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. La vulnerabilidad de Cross-Site Scripting (XSS) en cmsmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado inyectado en los componentes Nombre de la base de datos, Usuario de la base de datos o Puerto de la base de datos. • https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation http://www.cmsmadesimple.org https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html http://secunia.com/advisories/16147 http://securitytracker.com/id?1014556 http://www.aria-security.net/advisory/cmsimple.txt http://www.cmsimple.dk/forum/viewtopic.php?t=2470 http://www.osvdb.org/18128 http://www.securityfocus.com/archive/1/442106/100/100/threaded http://www.securityfocus.com/bid/14346 •