Thebinitghimire

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple versions prior to 2.2.15 **Description** The issue allows for cross-site scripting (XSS) attacks through a crafted File Picker profile name. **Recommendations** For CMS Made Simple versions prior to 2.2.15, update to version 2.2.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple versions through 2.2.10 **Description** The issue concerns a Reflected XSS in the File Manager component. This occurs via the `New name` field when performing a Rename action. **Recommendations** For versions through 2.2.10, update to a version that contains a fix for this issue.