CVE-2020-36414
CMS Made Simple is affected by a stored XSS in version 2.2.14 via crafted payloads entered in the Add Article feature (URL slug or Extra fields). The vulnerability requires authentication and could allow executing arbitrary scripts/HTML in the victim’s browser. Publicly documented fixes point to ...