CVE-2010-1482

CMSMS <1.7.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.

References (4)

[Various Sources] http://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade/

[Exploit] http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.html

[Exploit] http://www.securityfocus.com/archive/1/511178

[Patch] http://www.securityfocus.com/bid/39997

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (50)

cmsmadesimple/cms_made_simple < 1.7

cmsmadesimple/cms_made_simple

... and 35 more

Timeline

Published May 12, 2010

Tracked Since Feb 18, 2026