CVE-2019-10017

CMS Made Simple 2.2.10 has XSS via the advanced_search.php Name field, which is reachable via an “Add a new Profile” action to the File Picker.
Source: NIST
CVE-2019-10017