CMS Made Simple <= 1.10.3 XSS Vulnerability

CMS Made Simple 1.10.3 (and lower) is prone to a XSS vulnerability due to an improper input sanitization of “email” parameter,  passed to server side script “admin/edituser.php” via http POST method.

To view my Original Advisory:
CMS Made Simple <= 1.10.3 XSS Original Advisory

MITRE CVE Numbering Authority assigned me CVE-2012-1992 for this vulnerability.

This vulnerability has been also published in the following web sites:
http://osvdb.org/show/osvdb/80918
http://www.securityfocus.com/bid/52850/
http://xforce.iss.net/xforce/xfdb/74563
http://packetstormsecurity.org/files/111486/CMS-Made-Simple-1.10.3-Cross-Site-Scripting.html
http://1337day.com/exploits/17921

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>