CVE-2005-2392

Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.

Published: Jul 27, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2392
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	2.4-beta3	2.4-beta3.x
cmsmadesimple / cms_made_simple	2.0-beta2	2.0-beta2.x
cmsmadesimple / cms_made_simple	beta_2	beta_2.x
cmsmadesimple / cms_made_simple	2.2-beta2	2.2-beta2.x
cmsmadesimple / cms_made_simple	2.2-beta3	2.2-beta3.x
cmsmadesimple / cms_made_simple	1.2	1.2.x
cmsmadesimple / cms_made_simple	beta_1	beta_1.x
cmsmadesimple / cms_made_simple	2.4-beta1	2.4-beta1.x
cmsmadesimple / cms_made_simple	2.0-beta4	2.0-beta4.x
cmsmadesimple / cms_made_simple	2.2-beta1	2.2-beta1.x
cmsmadesimple / cms_made_simple	2.3-beta5	2.3-beta5.x
cmsmadesimple / cms_made_simple	2.2-beta4	2.2-beta4.x
cmsmadesimple / cms_made_simple	2.4_beta	2.4_beta.x
cmsmadesimple / cms_made_simple	2.1	2.1.x
cmsmadesimple / cms_made_simple	2.3-beta3	2.3-beta3.x
cmsmadesimple / cms_made_simple	1.1	1.1.x
cmsmadesimple / cms_made_simple	2.2	2.2.x
cmsmadesimple / cms_made_simple	2.4-beta2	2.4-beta2.x
cmsmadesimple / cms_made_simple	2.4-beta4	2.4-beta4.x
cmsmadesimple / cms_made_simple	1.3-beta1	1.3-beta1.x
cmsmadesimple / cms_made_simple	2.3-beta1	2.3-beta1.x
cmsmadesimple / cms_made_simple	2.3	2.3.x
cmsmadesimple / cms_made_simple	1.3-beta2	1.3-beta2.x
cmsmadesimple / cms_made_simple	1.0	1.0.x
cmsmadesimple / cms_made_simple	2.0-beta3	2.0-beta3.x
cmsmadesimple / cms_made_simple	2.3-beta2	2.3-beta2.x
cmsmadesimple / cms_made_simple	2.4-beta5	2.4-beta5.x
cmsmadesimple / cms_made_simple	2.3-beta4	2.3-beta4.x
cmsmadesimple / cms_made_simple	2.0-beta1	2.0-beta1.x

Vulnerability Database

289,697

CVE-2005-2392