CVE-2014-0334

Name of the Vulnerable Software and Affected Versions CMS Made Simple (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via various parameters, including group to "admin/addgroup.php", htmlblob to "admin/addhtmlblob.php", title or url to "admin/addbookmark.php", stylesheet name to "admin/copystylesheet.php", template name to "admin/copytemplate.php", title or url to "admin/editbookmark.php", template to "admin/listtemplates.php", or css name to "admin/listcss.php".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.