VYPR
← All advisories
Unrated severityNVD Advisory· Published May 12, 2010· Updated Apr 29, 2026

CVE-2010-1482

CVE-2010-1482

Description

Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CMS Made Simple before 1.7.1 has a backend XSS in admin/editprefs.php via the date_format_string parameter.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the backend of CMS Made Simple (CMSMS) prior to version 1.7.1. The flaw resides in admin/editprefs.php, specifically in the date_format_string parameter on the personal options page. The input is not properly escaped, allowing an attacker to inject arbitrary JavaScript [1]. All versions before 1.7.1 are affected.

Exploitation

An attacker would need to persuade an administrator with backend access to visit a crafted link containing the malicious payload in the date_format_string parameter. However, the vulnerable page is typically not viewed by the admin or other users, making the attack scenario unlikely [1]. The attacker does not require authentication but relies on social engineering to trigger the payload.

Impact

Successful exploitation could allow an attacker to execute arbitrary web script or HTML in the context of the administrator's browser session. However, the practical impact is considered very low due to the limited visibility of the affected page and the need for user interaction [1].

Mitigation

The vendor released CMS Made Simple version 1.7.1 on 2010-05-01, which filters HTML tags and restricts the field size to 10 characters [1]. While this prevents most practical exploits, the fix is not a clean solution as it only filters tags and limits length rather than properly escaping output. Users should upgrade to version 1.7.1 or later [1].

References
  1. backend cross site scripting (XSS), CVE-2010-1482

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

73
  • Cmsmadesimple/Cmsmadesimple72 versions
    cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*+ 71 more
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*range: <=1.7
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:beta5:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:beta6:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:*:*:*:*:*:*:*
  • Simple Cms/Simple CMSllm-fuzzy
    Range: <1.7.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.