The host is installed with CMS Made Simple and is prone to multiple xss vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary HTML or script code, steal cookie-based authentication credentials and launch other attacks. Impact Level: Application

No Solution or patch is available as of 11th March, 2014. Information regarding this issue will updated once the solution details are available. For updates refer to http://www.cmsmadesimple.org

Multiple flaws exist due to improper validation of user supplied input to 'editevent.php', 'pagedefaults.php', 'adminlog.php', 'myaccount.php', 'siteprefs.php', 'addbookmark.php', 'index.php', 'editorFrame.php', 'addhtmlblob.php', 'addtemplate.php', 'addcss.php' scripts. For more information about the vulnerabilities refer the reference links.

CMS Made Simple version 1.11.10, Other versions may also be affected.

Send a crafted data via HTTP GET request and check whether it is vulnerable or not.

• http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html
• http://www.kb.cert.org/vuls/id/526062
• http://www.osvdb.com/103657

---

Updated on 2017-03-28