CVE-2014-2219
CMSimple Classic 3.54 and earlier contains a reflected XSS in /whizzywig/wb.php where the d parameter is not properly sanitized. A remote attacker can induce a logged-in user to visit a crafted URL to execute arbitrary HTML/JavaScript in the browser. Vendor patch: fixed by the vendor on 2014-02-2...