CVE-2013-3929

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions 1.11.9

Description A cross-site scripting issue exists, allowing remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter in the "admin/editevent.php" file.

Recommendations For version 1.11.9, update to a newer version that contains a fix for this issue.