
CMS Made Simple < 1.7.1 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.

Description

The remote host is running CMS Made Simple, a web-based content management application written in PHP. The installed version of CMS Made Simple is earlier than 1.7.1. Such versions are potentially affected by a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'date_format_string' variable of the 'admin/editprefs.php' script. An attacker with administrator privileges could exploit this flaw to execute arbitrary script code in a user's browser.
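The kind of handling the description says is missing, shown as an added example (this is not CMS Made Simple's code or the vendor's fix): the 'date_format_string' value is checked against an allowlist on input and HTML-encoded on output. The function names are hypothetical, and treating the value as a strftime()-style pattern is an assumption.

```php
<?php
// Added example, not CMS Made Simple source. All function names are hypothetical.
// Assumption: the preference holds a strftime()-style pattern such as "%x %X".
const DATE_FORMAT_MAX_LEN = 64;

/**
 * Input side: accept only strftime conversion specifiers and a small set of
 * literal separators. Quotes and angle brackets never match, so a value that
 * could close an attribute or open a tag is rejected before it is stored.
 */
function is_safe_date_format(string $fmt): bool
{
    if ($fmt === '' || strlen($fmt) > DATE_FORMAT_MAX_LEN) {
        return false;
    }
    return preg_match('/\A(?:%[a-zA-Z%]|[ ,.:\/\-])+\z/', $fmt) === 1;
}

/** Output side: encode for an HTML text node or a quoted attribute value. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the preference field; the stored value is encoded even if it was validated. */
function render_date_format_field(string $stored): string
{
    return '<input type="text" name="date_format_string" value="'
         . html_out($stored) . '" />';
}

// Constructed sample inputs: two ordinary formats and one value carrying markup.
$samples = [
    '%x %X',
    '%d/%m/%Y %H:%M',
    '"><b>markup</b>',
];

foreach ($samples as $s) {
    printf("%-20s accepted=%s\n  %s\n", $s,
        is_safe_date_format($s) ? 'yes' : 'no',
        render_date_format_field($s));
}
```

The third sample is rejected by the allowlist, and if it were already stored it would still render as inert text because the quote and angle brackets are emitted as entities.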

Solution

Upgrade to CMS Made Simple 1.7.1 or later.