CVE-2025-5153 – CMS Made Simple Design Manager Module Cross-Site Scripting Vulnerability

May 25, 2025

CVE ID : CVE-2025-5153

Published : May 25, 2025, 6:15 p.m. | 2 hours, 41 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5154 – PhonePe SQLite Database Cleartext Storage Vulnerability

Next Article CVE-2025-5152 – “Chanjet CRM SQL Injection Vulnerability”

Highlights

CVE-2025-46823 – OpenMRS FHIR2 Privilege Escalation Vulnerability

May 29, 2025

CVE ID : CVE-2025-46823

Published : May 29, 2025, 6:15 p.m. | 3 hours, 18 minutes ago

Description : openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

Report: Samsung’s tri-fold phone, XR headset, and AI smart glasses to be revealed at Sep 29 Unpacked event

Are smart glasses with built-in hearing aids viable? My verdict after months of testing

These 7 smart plug hacks that saved me time, money, and energy (and how I set them up)

Amazon will sell you the iPhone 16 Pro for $250 off right now – how the deal works

Fake News Detection using Python Machine Learning (ML)

Fake News Detection using Python Machine Learning (ML)

Common FP – A New JS Utility Lib

Call for Speakers – JS Conf Armenia 2025

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Fox Sports not Working: 7 Quick Fixes to Stream Again

Capital One Zelle not Working: 7 Fast Fixes

CVE-2025-5153 – CMS Made Simple Design Manager Module Cross-Site Scripting Vulnerability

CVE-2024-32832 – Hamid Alinia Login with Phone Number Missing Authorization

CVE-2025-31100 – Mojoomla School Management Unrestricted File Upload Vulnerability

Google CEO says AGI is impossible with today’s tech, but Sam Altman claims “you’ll be happy to have a new device”

CVE-2025-6181 – StrongDM Windows Privilege Escalation Remote Code Execution

Rilasciata Arch Linux Enhance Xenial (ALEX) aggiornata a maggio 2025

How to Build Secure SSR Authentication with Supabase, Astro, and Cloudflare Turnstile

CVE-2025-46823 – OpenMRS FHIR2 Privilege Escalation Vulnerability

Proven Approaches to Successful AI Product Development🚀

CVE-2025-45065 – “Employee Record Management System in PHP and MySQL SQL Injection Vulnerability”

MailerLite warns of phishing campaign

CVE-2025-5153 – CMS Made Simple Design Manager Module Cross-Site Scripting Vulnerability

Related Posts