Description
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the 'adminpage > sitesetting > General Settings > globalmetadata' field.
Remediation
Update to CMS Made Simple 2.2 or later.
References
Related Vulnerabilities
WordPress Plugin Widget for Facebook Page Feeds Cross-Site Scripting (5.0)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.19)
WordPress Plugin WordPress Calls to Action Multiple Cross-Site Scripting Vulnerabilities (2.5.0)
WordPress Plugin WP Gravity Forms Zoho CRM Add-on Cross-Site Scripting (1.1.5)
WordPress Plugin Nextend Facebook Connect Cross-Site Scripting (1.5.5)