CMS Made Simple version 2.2.5 is vulnerable to Reflected Cross-Site Scripting.
2. PRODUCT DESCRIPTION
CMS Made Simple is open source CMS for developing website.
3. VULNERABILITY DESCRIPTION
4. VERSIONS AFFECTED
2.2.5 and can below.
Should some sanitize every user input field.
CMS Made Simple version 2.2.5
This vulnerability was discovered by Kyaw Min Thein,
10. DISCLOSURE TIME-LINE
1-19-2018 vulnerability reported to vendor
1-21-2018 notified vendor and vendor said they will not give features for using admin permission
1-22-2018 assigned as CVE-2018-5965 by mitre