Multiple Cross-Site Scripting Vulnerabilities and Cross-Site Request Forgery Vulnerability in CMS Made Simple
CMS Made Simple is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied inputs. The application is also prone to a cross-site request-forgery vulnerability.An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.The attacker can exploit the cross-site request-forgery issue by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session.