CVSS: 4.7EPSS: 94%CPEs: 80EXPL: 1CVE-2016-2784 – CMS Made Simple < 1.12.1 / < 2.1.3 - Web Server Cache Poisoning
https://notcve.org/view.php?id=CVE-2016-2784
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. CMS Made Simple 2.x en versiones anteriores a 2.1.3 y 1.x en versiones anteriores a 1.12.2, cuando está activada la Smarty Cache, permiten a atacantes remotos llevar a cabo ataques de envenenamiento de la caché, modificar enlaces y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a través de una cabecera HTTP Host manipulada en una petición. CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability. • https://www.exploit-db.com/exploits/39760 http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html http://seclists.org/fulldisclosure/2016/May/15 http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point http://www.securityfocus.com/archive/1/538272/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html http://secunia.com/advisories/16147 http://securitytracker.com/id?1014556 http://www.aria-security.net/advisory/cmsimple.txt http://www.cmsimple.dk/forum/viewtopic.php?t=2470 http://www.osvdb.org/18128 http://www.securityfocus.com/archive/1/442106/100/100/threaded http://www.securityfocus.com/bid/14346 •