We found vulnerabilities in CMS Made Simple

Details about CMS Made Simple

CMS Made Simple (CMSMS) is a free, open source (GPL) content management system (CMS) that provides developers, programmers and site owners with a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management. (Source: Wikipedia)

It is possible for an authenticated user with admin access to exploit XSS vulnerabilities in the admin panel and in extensions. The vulnerabilities exist because user-supplied data is insufficiently filtered. By exploiting them, an attacker gains the ability to execute their own client-side code in the context of another user, which can lead to actions being taken under another admin user's account. Passwords are also stored as salted MD5 hashes.


XSS in Admin search
Payload: <script>alert(document.domain)</script>
Description: After the payload is entered into the input field, the page must be reloaded for the payload to trigger.

Stored XSS in Manage shortcuts
Payload: <script>alert(document.domain)</script>
Parameter: name

Stored XSS in Global settings, Content editing settings, Maintenance mode
Payload: <script>alert(document.domain)</script>

Stored XSS in Global settings
Payload: <script>alert(1)</script>
Parameter: global metadata
Description: Also triggers on the visitor-facing site.

Stored XSS in article title
Payload: XSS <script>alert(document.domain)</script>
Description: Triggers in the admin area; article content also triggers on the visitor-facing site. The request must be modified with a proxy here, because the website encodes a few characters before sending.

Stored XSS in Settings - Content manager
Payload: <script>alert(document.domain)</script>
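The root cause stated above is that stored values reach HTML without output encoding, and the note on the article title shows why encoding done in the browser before sending does not count. The following is an added example, not code from CMS Made Simple or from the advisory author: it renders a hypothetical settings row with server-side HTML encoding applied to the advisory's own payloads, and includes a small triage helper a defender can run over an export of stored settings to find values that already contain script-like markup. All setting names and values are constructed sample data.

```python
import html
import re

# Payloads quoted in the advisory above, reused here as constructed test input.
ADVISORY_PAYLOADS = [
    "<script>alert(document.domain)</script>",
    "<script>alert(1)</script>",
    "XSS <script>alert(document.domain)</script>",
]

# Constructed sample of stored admin settings, as a defender might export them
# from the database to check whether a payload has already been planted.
# Keys are illustrative, not CMSMS's real setting names.
SAMPLE_SETTINGS = {
    "sitename": "Example Site",
    "global_metadata": '<meta name="author" content="admin">',
    "shortcut_name": "Dashboard",
    "maintenance_message": "<script>alert(document.domain)</script>",
    "article_title": "XSS <script>alert(document.domain)</script>",
}


def escape_for_html(value: str) -> str:
    """Server-side output encoding for HTML text and double-quoted attributes.

    html.escape with quote=True turns < > & " ' into entities, so the browser
    renders the payload as text instead of executing it. This must happen on
    the server at render time: encoding performed by client-side JavaScript
    before the request is sent is removed by editing the request in a proxy.
    """
    return html.escape(value, quote=True)


def render_setting_row(name: str, value: str) -> str:
    """Render one row of a hypothetical admin settings table.

    Both the element text and the attribute values are untrusted, so both are
    encoded; the same encoder is safe for either context because quotes are
    escaped too.
    """
    safe_name = escape_for_html(name)
    safe_value = escape_for_html(value)
    return (
        f"<tr><td>{safe_name}</td>"
        f'<td><input name="{safe_name}" value="{safe_value}"></td></tr>'
    )


# Heuristic for script-like content inside a value that should be plain text.
_ACTIVE_MARKUP = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)


def find_stored_payloads(settings: dict) -> list:
    """Return the keys whose stored value looks like an injected script.

    Intended for reviewing an existing install for planted stored XSS after
    the fact; it is a triage aid and does not replace output encoding. Plain
    HTML such as a <meta> tag in global metadata is deliberately not flagged.
    """
    return sorted(k for k, v in settings.items() if _ACTIVE_MARKUP.search(v))


if __name__ == "__main__":
    for payload in ADVISORY_PAYLOADS:
        print(render_setting_row("global_metadata", payload))
    print("suspicious keys:", find_stored_payloads(SAMPLE_SETTINGS))
```

Running the block prints each payload encoded inside the row, and lists `article_title` and `maintenance_message` as the sample settings that need cleanup. The encoder is deliberately context-specific to HTML text and attributes; a value placed into a JavaScript string or a URL would need a different encoder.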

Because the developers decided not to fix these vulnerabilities, our best advice is to use another, regularly updated CMS, such as WordPress.

These vulnerabilities were discovered by Tomas Volny from Citadelo.

About the author

Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006.