Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS
# Date: 2024-21-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple


1 ) log in as admin and go to Content > File Manager
2 ) Write in New directory: place payload "><img src=x onerrora=confirm() onerror=confirm(1)>
3 ) After click run you will be see alertbox