CMS Made Simple < 1.7.1 Cross-Site Scripting Vulnerability

Medium Nessus Network Monitor Plugin ID 5530


The remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.


The remote host is running CMS Made Simple, a web-based content management application written in PHP. The installed version of CMS Made Simple is earlier than 1.7.1. Such versions are potentially affected by a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'date_format_string' variable of the 'admin/editprefs.php' script. An attacker with administrator privileges could exploit this flaw to execute arbitrary script code in a user's browser.


Upgrade to CMS Made Simple 1.7.1 or later.

Plugin Details

Severity: Medium

ID: 5530

Family: CGI

Published: 2010/05/07

Modified: 2016/01/25

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 3.5

Temporal Score: 3.3


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cmsmadesimple:cms_made_simple

Patch Publication Date: 2010/05/01

Vulnerability Publication Date: 2010/05/07

Reference Information

CVE: CVE-2010-1482

BID: 39997