CVE-2018-18270
CMS Made Simple 2.2.7 is affected by an XSS in the m1_news_url parameter used in admin/moduleinterface.php during Content → News → Add Article. The Red Hat/NVD/CNVD entries confirm the vulnerability exists in 2.2.7, caused by unsanitized input in that parameter which can inject script/HTML. The m...