VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 8, 2010· Updated Apr 29, 2026

CVE-2010-3882

CVE-2010-3882

Description

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CMS Made Simple 1.7.1 and earlier contains multiple XSS vulnerabilities in admin modules allowing arbitrary script injection.

Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities exist in CMS Made Simple version 1.7.1 and earlier. The flaws are present in the input handling of the Add Pages, Add Global Content, Edit Global Content, Add Article, Add Category, Add Field Definition, and Add Shortcut modules. An attacker can inject arbitrary web script or HTML via user-supplied input to these modules.

Exploitation

An attacker needs to have access to the administrative interface of CMS Made Simple, as these modules are part of the admin panel. The attacker can craft malicious input that is not properly sanitized, leading to stored or reflected XSS depending on the module. No special privileges beyond admin access are required, but the attacker must be able to submit data to the vulnerable forms.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the admin panel. This can lead to session hijacking, defacement, or theft of sensitive information. The impact is limited to the administrative interface, but could compromise the entire CMS if an admin's session is stolen.

Mitigation

The vendor has not released a patch for these vulnerabilities as of the publication date. Users are advised to upgrade to a version beyond 1.7.1 if available, or apply input validation and output encoding manually. The vulnerabilities are not listed on the CISA KEV. [1] provides general advisory information but no specific fix.

References
  1. About Secunia Research | Flexera

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

75
  • Cmsmadesimple/Cmsmadesimple74 versions
    cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*+ 73 more
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*range: <=1.7.1
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:beta5:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:beta6:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:beta3:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:beta2:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7:*:*:*:*:*:*:*
  • Simple Cms/Simple CMSllm-fuzzy
    Range: <=1.7.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.