A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to upload a pdf file with hidden Cross Site Scripting (XSS).
cmsmadesimple cms made simple 2.2.18