XSS Vulnerability in CMSimple 4.7.5 via SVG File Upload

XSS Vulnerability in CMSimple 4.7.5 via SVG File Upload

CVE-2018-19508 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.

Learn more about our User Device Pen Test.