Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Cmsmadesimple | CMS Made Simple | affected |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cmsmadesimple | Cms Made Simple | 95% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 16 May 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when other authenticated users access the uploaded file, enabling cookie theft and session hijacking. | |
| Title | CMS Made Simple 2.2.15 Stored XSS via SVG File Upload | |
| First Time appeared |
Cmsmadesimple
Cmsmadesimple cms Made Simple |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.17:*:*:*:*:*:*:* cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:* cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.19:*:*:*:*:*:*:* cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.20:*:*:*:*:*:*:* cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.21:*:*:*:*:*:*:* |
|
| Vendors & Products |
Cmsmadesimple
Cmsmadesimple cms Made Simple |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-05-24T01:36:59.018Z
Reserved: 2026-05-15T14:49:49.739Z
Link: CVE-2020-37238
Vulnrichment
Updated: 2026-05-18T17:12:16.721Z
NVD
Status : Deferred
Published: 2026-05-16T16:16:19.967
Modified: 2026-06-17T03:17:20.177
Link: CVE-2020-37238
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-16T17:30:27Z