CMS Made Simple Version 2.2.21 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in Site Admin module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "Global Metadata" field.

Log in as admin and navigate to Site Admin > Settings-Global Settings.

Click on Site Admin -> Settings-Global Settings

Click on "General Settings"

In "Global Metadata" field, input payload xss</textarea> <img/src=1 onerror=alert(document.cookie)> <textarea>

Click "Submit"

After submitting, payload will be executed every time we click the "Settings - Global Settings" menu button on the left.

This exploit confirms the presence of XSS vulnerability in. The payloads are utilized to evaluate expressions and verify the XSS. Use responsibly and with proper authorization; unauthorized use of this exploit may lead to legal consequences.