PT-2016-5217 · Cms Made Simple · Cms Made Simple

Mickaël Walter

Published: 2016-05-26

Updated: 2018-10-09

CVE-2016-2784

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

CMS Made Simple versions 1.x before 1.12.2
CMS Made Simple versions 2.x before 2.1.3

Description

The issue allows remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request, but only when Smarty Cache is activated.

Recommendations

For CMS Made Simple versions 1.x before 1.12.2, update to version 1.12.2 or later to resolve the issue. For CMS Made Simple versions 2.x before 2.1.3, update to version 2.1.3 or later to resolve the issue. As a temporary workaround, consider deactivating Smarty Cache until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2016-2784

Affected products

Cms Made Simple