{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"}, {"name": "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/May/15"}, {"name": "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"}, {"name": "39760", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39760/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"}, {"name": "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/May/15"}, {"name": "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"}, {"name": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/", "refsource": "CONFIRM", "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"}, {"name": "39760", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39760/"}, {"name": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/", "refsource": "CONFIRM", "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:32:21.148Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"}, {"name": "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/May/15"}, {"name": "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"}, {"name": "39760", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39760/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2784", "datePublished": "2016-05-26T14:00:00.000Z", "dateReserved": "2016-02-29T00:00:00.000Z", "dateUpdated": "2024-08-05T23:32:21.148Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "43F7E5BD-553E-4731-BED1-7E7DB772AD82", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4BF3B2C-1909-4CCF-A487-6378615D6A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD2946B5-8AAF-4386-8C31-7D291C31BB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AB06C16-336C-4D85-84F6-24F079A2B144", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FB1C531-AA30-4B89-A8BF-744B053B4983", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DD0AE7F4-49F8-443A-9C8F-2F1C42F46713", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0203A997-A077-4A8A-A3FE-CA9D10FF43AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5AAB099-B114-4A99-B086-9BA7866D4E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "942BF218-1898-4135-9CA9-FAE4F091C883", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "574E610A-4799-45C9-B005-C1593B033AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F3B9680-3A66-4508-A318-B9B348FDC222", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BDADD27-8249-4DE3-A2B5-EE1A3AD73F28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "87178F45-424A-47D8-BEA5-B8371B722CC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "49DE10A7-9BC6-4B33-97FC-5FEB44AEAFBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2FA0450-91E6-4250-A1D1-F2CFBB74A5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "98D93656-A4D2-44C4-82EC-55C8BE1A7304", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BAEAE47F-5A26-474E-8F7F-72976A8FEBA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E188A80A-980F-4AD8-B3B8-21D303121F35", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "E730A3A8-8A60-4CC5-B167-26984DE0DA3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FA19F5B2-7C5C-43DD-85ED-E2CD4EF6E748", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "778E5678-B763-415E-AA35-EF644E7A2CD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "91C39415-8F99-45FB-BE00-1888901BB4D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F8649F4-1A33-41AE-888F-2D6BB19BCB6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2DC37F28-C58A-4492-A107-4348ECE9AAFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "206B72EC-895E-4DA0-B41B-AAE41E53C108", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC131029-CE9C-437E-B3D3-7924062E14D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AF34A817-09AC-4C7E-916B-1B158C5EE599", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "20E8FFE1-9431-4146-AFD3-5491F5FE3C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1016173-D980-4909-86C0-81C94711FE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "068BF668-9626-4CA4-A401-1946DCF916AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA029BD9-1025-4802-BAE2-BEE218715FC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9928102A-27E2-4604-93F4-318BA7CDCAFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1EECFB4-7001-411F-BBAE-BABD5248E4B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "40C6F2FA-0518-4B2A-9F05-51897A16AF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "A35145EB-E7A7-48EC-91A9-9D423F316712", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "589C199E-12F9-41CF-BFE0-4B952B773460", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "7BB9992D-2EF4-4DBF-898A-6284A074403E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "B18A2D88-5B3E-4CCF-B979-F7D7A9F7EA1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "36B86387-A26E-4017-B3FA-45E1BF90D9B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "9295BA82-379C-43FE-B2D1-B7929E108F0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "2F14D3BD-5835-4206-BE44-72F31F46D067", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "61F2E017-EEBD-473F-A15A-FD7B52A74E5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE7E3436-2FF9-4DC6-A552-A46330220AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5A4D84-4C6D-453D-B1D3-2445DD7213C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EC3F038-4441-4409-9384-26565F6385EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "CF32C8E8-0937-453E-9487-395331A50611", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "9523997A-4302-411D-8BF2-711A28969704", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "95ED7D98-40D4-41C3-8029-EDC5A41EEBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3F744F6-DCAE-486A-BED8-F560186628C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "A152CC40-72E0-4200-8670-CD99C69141EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9B346F2-919D-4D5E-AFFF-25531AC3676E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7C0B4EB-BA28-4BBE-8A73-926DC0B38F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2DA09626-9C30-4FAB-82A6-A7D5903127BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4263AF5A-FE04-4EAC-87C2-03B042C0A71E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECB069E1-970B-456E-B477-DCD68F4CCCBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D205015-13AE-45D2-9309-3D9C90B0C3D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "18C19AF4-A88F-4835-8A36-394637C6BD64", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "578303F3-6729-45A9-8DBE-A2C393E7BB2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "93A32CE1-85A4-417F-90D4-1378B61A45E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "D63AC3D8-0297-423B-9D50-59F7B1582348", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "272A22FB-4553-47FD-88D6-B2D0C096F6EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C57412ED-477E-463D-91AB-CC02149A6E23", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2AB67E7-4528-4AE0-9B60-DD5B1B71D17E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CD8DAF5-2EE2-40D2-9DFA-1D2BA749757D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "F883A9BD-A10A-4EA5-AE2C-22994D650E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "B35E25E4-A524-43FF-923F-446DB297CE26", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "2E8C4A8F-1A37-4A7B-A702-E889FF17FAF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A1B4A9B-EE73-4BDC-A4DA-966EAF49CC5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "11DBE7DB-344E-4085-ABA4-E8058948B69B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "9F683B79-8979-416C-9879-1B243F8499D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "F5FF3EF4-A8A8-48AE-BA5E-ACEBCD66730C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.13:*:*:*:*:*:*:*", "matchCriteriaId": "3C3CB267-CB92-43A8-8F54-5E5E6BACD06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "908EF5A9-559B-4867-84EB-4E7879F35FB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2C65586-DB2A-4546-8066-1E768277CA08", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "389CB2B3-4933-4F8D-90F4-E5EE9CDA4201", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "35C6F173-C048-423A-9D02-32C76B984863", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "87EAFA66-0CC0-46C4-A661-54F59D2E31AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DBC33E0-708B-497A-B3F7-33A525144256", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "488531A2-5E42-4A89-BB62-1EBFD3F5BC4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADDCAA0F-E9B6-4050-A211-D1CF9991F525", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request."}, {"lang": "es", "value": "CMS Made Simple 2.x en versiones anteriores a 2.1.3 y 1.x en versiones anteriores a 1.12.2, cuando est\u00e1 activada la Smarty Cache, permiten a atacantes remotos llevar a cabo ataques de envenenamiento de la cach\u00e9, modificar enlaces y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de una cabecera HTTP Host manipulada en una petici\u00f3n."}], "id": "CVE-2016-2784", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-26T14:59:00.133", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/May/15"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"}, {"source": "cve@mitre.org", "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/39760/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2016/May/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/39760/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}