CVE-2019-17630
CMS Made Simple (CMSMS) version 2.2.11 contains a stored XSS vulnerability that can be triggered by an admin submitting a crafted image filename on the News > Add Article screen. The issue appears to be tied to how image filenames are processed and stored, enabling script execution in the admi...