CVE-2019-10106
CMS Made Simple 2.2.10 exposes a Cross-Site Scripting (XSS) vulnerability in the News module. The issue stems from lack of proper validation in the moduleinterface.php Name field, reachable via Add Category under Site Admin Settings. Multiple sources (NVD, RH, CNVD, CVE list) corroborate an XSS c...