Description
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/07/25/7
Various Sources x_refsource_confirm
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/07/21/1
Various Sources x_refsource_misc
https://twitter.com/LeakFree/status/336942367351394305
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (8)
cmsmadesimple/cms_made_simple
1.11
cmsmadesimple/cms_made_simple
1.11.1
cmsmadesimple/cms_made_simple
1.11.2
cmsmadesimple/cms_made_simple
1.11.2.1
cmsmadesimple/cms_made_simple
1.11.3
cmsmadesimple/cms_made_simple
1.11.4
cmsmadesimple/cms_made_simple
1.11.5
cmsmadesimple/cms_made_simple
< 1.11.6
Published
Oct 11, 2013
Tracked Since
Feb 18, 2026