Feioklucy

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple versions up to 2.2.21 **Description** A security issue exists in CMS Made Simple that allows for cross site scripting. The issue is located in the User Management Module, specifically within the `admin/listusers.php` file. Manipulation of the `Message` argument can trigger the flaw, and the attack can be carried out remotely. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 2.2.21 should be updated.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.2.21 **Description** A problematic issue has been found in the Design Manager Module of CMS Made Simple, affecting some unknown processing. The manipulation of the `Description` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For CMS Made Simple version 2.2.21, consider disabling the Design Manager Module until a patch is available to prevent cross-site scripting attacks. Restrict access to the module to minimize the risk of exploitation. Avoid using the `Description` argument in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.