CVE-2010-1482
CMS Made Simple < 1.7.1 - Cross-Site Scripting via date_format_string Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade/
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39997
Exploit x_refsource_misc
http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.html
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511178
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (31)
cmsmadesimple/cms_made_simple
0.10
cmsmadesimple/cms_made_simple
0.10.3
cmsmadesimple/cms_made_simple
0.10.4
cmsmadesimple/cms_made_simple
0.11 (3 CPE variants)
cmsmadesimple/cms_made_simple
0.11.1
cmsmadesimple/cms_made_simple
0.11.2
cmsmadesimple/cms_made_simple
0.12 (3 CPE variants)
cmsmadesimple/cms_made_simple
0.12.1
cmsmadesimple/cms_made_simple
0.12.2
cmsmadesimple/cms_made_simple
0.13 beta1 (3 CPE variants)
... and 21 more
Published
May 12, 2010
Tracked Since
Feb 18, 2026