CVE-2024-27625

{"id": "CVE-2024-27625", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2024-03-05T14:15:49.160", "references": [{"url": "https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html", "tags": ["Exploit", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html", "tags": ["Exploit", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the \"New directory\" field."}, {"lang": "es", "value": "CMS Made Simple versi\u00f3n 2.2.19 es vulnerable a Cross Site Scripting (XSS). Esta vulnerabilidad reside en el m\u00f3dulo Administrador de archivos del panel de administraci\u00f3n. Espec\u00edficamente, el problema surge debido a una sanitizaci\u00f3n inadecuada de la entrada del usuario en el campo \"Nuevo directorio\"."}], "lastModified": "2025-03-28T16:07:53.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB09A515-0F41-407D-AD7B-908F4341358A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}