2 matches found
CVE-2017-6556
Cross-site scripting XSS vulnerability in CMS Made Simple CMSMS 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage sitesetting General Settings globalmetadata" field...
CVE-2017-6556
CMS Made Simple (CMSMS) 2.1.6 is affected by a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary script/HTML via the adminpage > sitesetting > General Settings > globalmetadata field. The issue stems from inadequate input validation in th...