Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE
Cisco IOS 12.2 (17d)SXB8
Cisco IOS 12.2 (17d)SXB7
Cisco IOS 12.2 (14)SY1
Cisco IOS 12.2 (14)SY03
Cisco IOS 12.2 (17f)
Cmsmadesimple Cms made simple 0.11 Beta5 (not an official CPE)
Cisco IOS 12.2 (15)ZJ3
Cisco IOS 12.2 (14)SZ1
Cisco IOS 12.2 (14)ZA2
Cisco IOS 12.2 (14)ZA8
Cisco IOS 12.2 (14)SZ2
Cmsmadesimple Cms made simple 1.1 Rc2 (not an official CPE)
Cisco IOS 12.2(15)T9
Cisco IOS 12.2 (15)XR
Cmsmadesimple Cms made simple 1.2 Rc1 (not an official CPE)
Cisco IOS 12.2(15)T7
Cmsmadesimple Cms made simple 1.1 Rc1 (not an official CPE)
Cisco IOS 12.2(15)T8
Cmsmadesimple Cms made simple 0.13 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 0.13 Beta3 (not an official CPE)
Cmsmadesimple Cms made simple 0.13 Beta2 (not an official CPE)
Cisco IOS 12.2 (15)ZN
Cisco IOS 12.2 (15)ZL1
Cisco IOS 12.2 (14)SU2
Cisco IOS 12.2(15)ZJ
Cisco IOS 12.2 (15)ZJ1
Cisco IOS 12.2 (14)ZA
Cisco IOS 12.2 (14)SZ
Cmsmadesimple Cms made simple 1.1 Rc3 (not an official CPE)
Cisco IOS 12.2 (17b)SXA
Cisco IOS 12.2 (17)
Cisco IOS 12.2 (16.5)S
Cisco IOS 12.2 (16)B1
Cisco IOS 12.2 (15)ZL
Cmsmadesimple Cms made simple 1.0.7 (not an official CPE)
Cisco IOS 12.2 (15)YS_1.2(1)
Cmsmadesimple Cms made simple 1.0.8 (not an official CPE)
Cisco IOS 12.2 (15)XR2
Cisco IOS 12.2 (15)T5
Cisco IOS 12.2 (15)YS
Cisco IOS 12.2 (17d)
Cisco IOS 12.2(17d)SX
Cisco IOS 12.2 (17d)SXB
Cisco IOS 12.2 (17d)SXB10
Cisco IOS 12.2 (16f)
Cisco IOS 12.2 (17a)SXA
Cisco IOS 12.2 (17)a
Cisco IOS 12.2 (16)B
Cisco IOS 12.2(17a)
Cisco IOS 12.2 (15.1)S
Cisco IOS 12.2 (17)ZD3
Cisco IOS 12.2 (18)EW
Cisco IOS 12.2 (15)ZO
Cmsmadesimple Cms made simple 1.0 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 1.2 Beta3 (not an official CPE)
Cmsmadesimple Cms made simple 1.2 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta3 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 0.12 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 0.12 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 0.11 Beta6 (not an official CPE)
Cmsmadesimple Cms made simple 1.3.1 (not an official CPE)
Cmsmadesimple Cms made simple 1.1.4.1 (not an official CPE)
Cmsmadesimple Cms made simple 1.5 Beta1 (not an official CPE)
Cisco IOS 12.2 (16)BX
Cmsmadesimple Cms made simple 1.0 Beta4 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta5 (not an official CPE)
Cmsmadesimple Cms made simple 1.4 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta6 (not an official CPE)
Cmsmadesimple Cms made simple 1.4 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 1.2 Beta1 (not an official CPE)
Cisco IOS 12.2 (16.1)B
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (ID 79)
Related CAPEC 16
Cross Site Scripting through Log Files (CAPEC-ID 106)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Embedding Scripts within Scripts (CAPEC-ID 19)
Cross-Site Scripting in Error Pages (CAPEC-ID 198)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Cross-Site Scripting Using MIME Type Mismatch (CAPEC-ID 209)
Cross-Site Scripting in Attributes (CAPEC-ID 243)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript (CAPEC-ID 245)
Cross-Site Scripting Using Flash (CAPEC-ID 246)
Cross-Site Scripting with Masking through Invalid Characters in Identifiers (CAPEC-ID 247)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
Simple Script Injection (CAPEC-ID 63)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
XSS in IMG Tags (CAPEC-ID 91)