Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section.