CVE-2014-2219 Information

Description

Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier possibly as downloaded before February 26 2014 allows remote attackers to inject arbitrary web script or HTML via the d parameter.

Reference

http://www.securityfocus.com/archive/1/531527/100/0/threaded http://www.securityfocus.com/bid/66312 https://www.htbridge.com/advisory/HTB23205