Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.Referenceshttp://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade/http://www.securityfocus.com/bid/39997http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.htmlhttp://www.securityfocus.com/archive/1/511178
