Medium severity6.4NVD Advisory· Published May 16, 2026· Updated May 18, 2026
CVE-2020-37238
CVE-2020-37238
Description
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when other authenticated users access the uploaded file, enabling cookie theft and session hijacking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.2.15
- Range: = 2.2.15
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.