CVE-2024-21443

Summary

CVE-2024-1529 is a newly discovered Cross-Site Scripting (XSS) vulnerability affecting CMS Made Simple version 2.2.14. The flaw stems from insufficient input encoding in the /admin/adduser.php file, which allows a remote attacker to inject malicious JavaScript code into user sessions. By successfully exploiting this vulnerability, an attacker can partially hijack an authenticated user's browser session. This issue poses a significant risk to websites using the affected CMS version and should be addressed promptly through patches or upgrades.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.