CVE-2012-1992

2012-04-1110:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.2%

JSON

Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).

References

www.securityfocus.com/bid/52850

www.webapp-security.com/wp-content/uploads/2012/04/CMS-Made-Simple-1.10.3-XSS-Vulnerability2.txt