Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cmsmadesimple Subscribe
Total 155 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9053 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 6.8 MEDIUM 8.1 HIGH
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
CVE-2019-17630 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVE-2019-17629 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVE-2019-17226 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVE-2019-11513 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVE-2019-11226 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVE-2019-10107 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
CVE-2019-10106 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
CVE-2019-10105 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
CVE-2019-10017 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 5.4 MEDIUM
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-1010290 1 Cmsmadesimple 1 Bable\ 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
CVE-2018-9921 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.
CVE-2018-8058 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
CVE-2018-7893 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
CVE-2018-7448 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 8.5 HIGH 7.5 HIGH
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
CVE-2018-5965 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVE-2018-5964 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVE-2018-5963 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVE-2018-20464 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
CVE-2018-19597 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.