https://www.exploit-db.com/exploits/26298
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-249

CMSMadeSimple(简称CMSMS)是一款轻量级的内容管理系统，旨在为静态内容为主的小型门户网站提供最简单最轻松的架站体验。CMSMadeSimple0.10中的index.php脚本存在跨站脚本攻击(XSS)漏洞，远程攻击者可以通过page参数注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/14937/info

CMS Made Simple is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue is reported to affect CMS Made Simple version 0.10; other versions may also be vulnerable. 

http://www.example.com/index.php?page=<script>alert(document.cookie);</script>

来源:BID
名称:14937
链接:http://www.securityfocus.com/bid/14937
来源:BUGTRAQ
名称:20050926CMSMadeSimple0.10issusceptibletoacrosssitescriptingattack.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112785315518373&w;=2