CMS Made Simple v2.2.15 exists to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
cmsmadesimple cms made simple 2.2.15