CMS Made Simple 1.10.3 (and lower) is prone to a XSS vulnerability due to an improper input sanitization of “email” parameter, passed to server side script “admin/edituser.php” via http POST method.
To view my Original Advisory:
CMS Made Simple <= 1.10.3 XSS Original Advisory
MITRE CVE Numbering Authority assigned me CVE-2012-1992 for this vulnerability.
This vulnerability has been also published in the following web sites: