Total
136 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-04-11 | 6.5 MEDIUM | 7.2 HIGH |
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." | |||||
CVE-2017-7255 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-14 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||||
CVE-2017-7256 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-14 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||||
CVE-2017-7257 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-14 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||||
CVE-2021-28998 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | N/A | 7.2 HIGH |
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | |||||
CVE-2021-28999 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | N/A | 8.8 HIGH |
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | |||||
CVE-2023-36970 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | N/A | 5.4 MEDIUM |
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. | |||||
CVE-2023-36969 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | N/A | 8.8 HIGH |
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. | |||||
CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | |||||
CVE-2021-43154 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | |||||
CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | |||||
CVE-2022-23906 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
CVE-2019-9060 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). | |||||
CVE-2020-23481 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | |||||
CVE-2020-22732 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. | |||||
CVE-2020-23241 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature. | |||||
CVE-2020-36414 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. | |||||
CVE-2020-36412 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module. | |||||
CVE-2020-36408 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | |||||
CVE-2020-36411 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module. |