CMS Made Simple is an open source project which uses the smarty template engine in various places. Its website is at http://cmsmadesimple.org while the smarty site is at http://smarty.php.net CMS Made Simple suffers from a Cross Site scripting (XSS) and path disclosure vulnerability; http://[host]/[folder]/index.php?page= FNSE advisory http://fnse.be.tt Watch out for my new book "How to Make Unhackable French Fries" RB9