Cms Made Simple · Cms Made Simple · CVE-2016-2784
**Name of the Vulnerable Software and Affected Versions**
CMS Made Simple versions 1.x before 1.12.2
CMS Made Simple versions 2.x before 2.1.3
**Description**
The issue allows remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request, but only when Smarty Cache is activated.
**Recommendations**
For CMS Made Simple versions 1.x before 1.12.2, update to version 1.12.2 or later to resolve the issue.
For CMS Made Simple versions 2.x before 2.1.3, update to version 2.1.3 or later to resolve the issue.
As a temporary workaround, consider deactivating Smarty Cache until a patch is available.