XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.Referenceshttp://www.03i0.com/index.php/archives/113/http://www.securityfocus.com/bid/97205
