CVE-2012-1992

Published: Apr 11, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).

Affected (118)

Products: Cmsmadesimple: Cms Made Simple

Cmsmadesimple

1 product

Cms Made Simple

Configuration A

118 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Up to 1.10.3
Cmsmadesimple Cms Made Simple	Version 0.10.1
Cmsmadesimple Cms Made Simple	Version 0.10.2
Cmsmadesimple Cms Made Simple	Version 0.10.3
Cmsmadesimple Cms Made Simple	Version 0.10.4
Cmsmadesimple Cms Made Simple	Version 0.10
Cmsmadesimple Cms Made Simple	Version 0.11.1
Cmsmadesimple Cms Made Simple	Version 0.11.2
Cmsmadesimple Cms Made Simple	Version 0.11
Cmsmadesimple Cms Made Simple	Version 0.11 beta5
Cmsmadesimple Cms Made Simple	Version 0.11 beta6
Cmsmadesimple Cms Made Simple	Version 0.12.1
Cmsmadesimple Cms Made Simple	Version 0.12.2
Cmsmadesimple Cms Made Simple	Version 0.12
Cmsmadesimple Cms Made Simple	Version 0.12 beta1
Cmsmadesimple Cms Made Simple	Version 0.12 beta2
Cmsmadesimple Cms Made Simple	Version 0.13
Cmsmadesimple Cms Made Simple	Version 0.13 beta1
Cmsmadesimple Cms Made Simple	Version 0.13 beta2
Cmsmadesimple Cms Made Simple	Version 0.13 beta3
Cmsmadesimple Cms Made Simple	Version 0.1
Cmsmadesimple Cms Made Simple	Version 0.2.1
Cmsmadesimple Cms Made Simple	Version 0.2
Cmsmadesimple Cms Made Simple	Version 0.3.1
Cmsmadesimple Cms Made Simple	Version 0.3.2
Cmsmadesimple Cms Made Simple	Version 0.3
Cmsmadesimple Cms Made Simple	Version 0.4.1
Cmsmadesimple Cms Made Simple	Version 0.4
Cmsmadesimple Cms Made Simple	Version 0.5.1
Cmsmadesimple Cms Made Simple	Version 0.5
Cmsmadesimple Cms Made Simple	Version 0.6.1
Cmsmadesimple Cms Made Simple	Version 0.6.2
Cmsmadesimple Cms Made Simple	Version 0.6.3
Cmsmadesimple Cms Made Simple	Version 0.6
Cmsmadesimple Cms Made Simple	Version 0.7.1
Cmsmadesimple Cms Made Simple	Version 0.7.2
Cmsmadesimple Cms Made Simple	Version 0.7.3
Cmsmadesimple Cms Made Simple	Version 0.7
Cmsmadesimple Cms Made Simple	Version 0.8.1
Cmsmadesimple Cms Made Simple	Version 0.8.2
Cmsmadesimple Cms Made Simple	Version 0.8
Cmsmadesimple Cms Made Simple	Version 0.9.1
Cmsmadesimple Cms Made Simple	Version 0.9.2
Cmsmadesimple Cms Made Simple	Version 0.9
Cmsmadesimple Cms Made Simple	Version 1.0.1
Cmsmadesimple Cms Made Simple	Version 1.0.2
Cmsmadesimple Cms Made Simple	Version 1.0.3
Cmsmadesimple Cms Made Simple	Version 1.0.4
Cmsmadesimple Cms Made Simple	Version 1.0.5
Cmsmadesimple Cms Made Simple	Version 1.0.6
Cmsmadesimple Cms Made Simple	Version 1.0.7
Cmsmadesimple Cms Made Simple	Version 1.0.8
Cmsmadesimple Cms Made Simple	Version 1.0
Cmsmadesimple Cms Made Simple	Version 1.0 beta1
Cmsmadesimple Cms Made Simple	Version 1.0 beta2
Cmsmadesimple Cms Made Simple	Version 1.0 beta3
Cmsmadesimple Cms Made Simple	Version 1.0 beta4
Cmsmadesimple Cms Made Simple	Version 1.0 beta5
Cmsmadesimple Cms Made Simple	Version 1.0 beta6
Cmsmadesimple Cms Made Simple	Version 1.1.1
Cmsmadesimple Cms Made Simple	Version 1.1.2
Cmsmadesimple Cms Made Simple	Version 1.1.3.1
Cmsmadesimple Cms Made Simple	Version 1.1.3
Cmsmadesimple Cms Made Simple	Version 1.1.4.1
Cmsmadesimple Cms Made Simple	Version 1.1.4
Cmsmadesimple Cms Made Simple	Version 1.10.1
Cmsmadesimple Cms Made Simple	Version 1.10.2
Cmsmadesimple Cms Made Simple	Version 1.10
Cmsmadesimple Cms Made Simple	Version 1.1
Cmsmadesimple Cms Made Simple	Version 1.1 rc1
Cmsmadesimple Cms Made Simple	Version 1.1 rc2
Cmsmadesimple Cms Made Simple	Version 1.1 rc3
Cmsmadesimple Cms Made Simple	Version 1.2.1
Cmsmadesimple Cms Made Simple	Version 1.2.2
Cmsmadesimple Cms Made Simple	Version 1.2.3
Cmsmadesimple Cms Made Simple	Version 1.2.4
Cmsmadesimple Cms Made Simple	Version 1.2.5
Cmsmadesimple Cms Made Simple	Version 1.2
Cmsmadesimple Cms Made Simple	Version 1.2 beta1
Cmsmadesimple Cms Made Simple	Version 1.2 beta2
Cmsmadesimple Cms Made Simple	Version 1.2 beta3
Cmsmadesimple Cms Made Simple	Version 1.2 rc1
Cmsmadesimple Cms Made Simple	Version 1.3.1
Cmsmadesimple Cms Made Simple	Version 1.3
Cmsmadesimple Cms Made Simple	Version 1.3 beta1
Cmsmadesimple Cms Made Simple	Version 1.3 beta2
Cmsmadesimple Cms Made Simple	Version 1.4.1
Cmsmadesimple Cms Made Simple	Version 1.4
Cmsmadesimple Cms Made Simple	Version 1.4 beta1
Cmsmadesimple Cms Made Simple	Version 1.4 beta2
Cmsmadesimple Cms Made Simple	Version 1.5.1
Cmsmadesimple Cms Made Simple	Version 1.5.2
Cmsmadesimple Cms Made Simple	Version 1.5.3
Cmsmadesimple Cms Made Simple	Version 1.5.4
Cmsmadesimple Cms Made Simple	Version 1.5
Cmsmadesimple Cms Made Simple	Version 1.5 beta1
Cmsmadesimple Cms Made Simple	Version 1.6.1
Cmsmadesimple Cms Made Simple	Version 1.6.2
Cmsmadesimple Cms Made Simple	Version 1.6.3
Cmsmadesimple Cms Made Simple	Version 1.6.4
Cmsmadesimple Cms Made Simple	Version 1.6.5
Cmsmadesimple Cms Made Simple	Version 1.6.6
Cmsmadesimple Cms Made Simple	Version 1.6.7
Cmsmadesimple Cms Made Simple	Version 1.6.8
Cmsmadesimple Cms Made Simple	Version 1.6
Cmsmadesimple Cms Made Simple	Version 1.7.1
Cmsmadesimple Cms Made Simple	Version 1.7
Cmsmadesimple Cms Made Simple	Version 1.8.1
Cmsmadesimple Cms Made Simple	Version 1.8.2
Cmsmadesimple Cms Made Simple	Version 1.8
Cmsmadesimple Cms Made Simple	Version 1.9.1
Cmsmadesimple Cms Made Simple	Version 1.9.2
Cmsmadesimple Cms Made Simple	Version 1.9.3
Cmsmadesimple Cms Made Simple	Version 1.9.4.1
Cmsmadesimple Cms Made Simple	Version 1.9.4.2
Cmsmadesimple Cms Made Simple	Version 1.9.4.3
Cmsmadesimple Cms Made Simple	Version 1.9.4
Cmsmadesimple Cms Made Simple	Version 1.9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/bid/52850

Source: cve@mitre.org

http://www.webapp-security.com/wp-content/uploads/2012/04/CMS-Made-Simple-1.10.3-XSS-Vulnerability2.txt

Source: cve@mitre.org

http://www.securityfocus.com/bid/52850

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.webapp-security.com/wp-content/uploads/2012/04/CMS-Made-Simple-1.10.3-XSS-Vulnerability2.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.