VYPR
Medium severity5.4NVD Advisory· Published Mar 9, 2017· Updated Jun 17, 2026

CVE-2017-6556

CVE-2017-6556

Description

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.