CMS Made Simple 1.x < 1.12.2 and 2.x < 2.1.3 - Cache Poisoning and Cross-Site Scripting via HTTP Host Header
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.