CVE-2012-1992

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions 1.10.3 and earlier

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the email parameter in the Edit User template. This is due to a vulnerability in the admin/edituser.php file.

Recommendations For CMS Made Simple versions 1.10.3 and earlier, avoid using the email parameter in the Edit User template until a fix is available. As a temporary workaround, consider restricting access to the admin/edituser.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.