CMS Made Simple Forums

Today we are announcing an important security release of CMSMS. Thanks to a few users who informed us of the issues we accelerated plans for our release and threw in a few important bug fixes too.

The following issues were addressed in this release:
- XSS Vulnerabilities in the core, and in the installer.
- Fixes problem with page template parsing wrt the and HTML tags.
- Fixes a problem with some modules not listening to the stuff... order of execution problem.
- Fixes some problems with the Simplex demo theme and touch screen interfaces.
** Note, the Simplex theme is not intended to have full functonality on lower resolution devices like phones. It is intended for tablets etc.

EDIT: For your information the sample .htaccess file shipped with CMSMS has been modified to include fixes for other potential points of attack. It may be useful to look at this file and merge the changes into your .htaccess.

Because of the nature of the vulnerabilities, we request people to upgrade their websites as soon as possible.

As of this release the only supported versions of CMSMS are 1.11.5 and 1.11.6.

Some webhosts don't allow the new line in the default .htaccess file and you get a error500 at the site. In that case change:to In next releases this line will be optional