CVE-2013-3929
CMS Made Simple (CMSMS) 1.11.9 includes an XSS vulnerability in admin/editevent.php where the handler parameter can be exploited by remote authenticated users with the true 【Modify Events】 permission to inject arbitrary web script or HTML. The connected sources confirm the affected file and condi...