Simple CMS
by Simple CMS
CVEs (146)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-27623 | 0.00 | — | 0.00 | Mar 5, 2024 | CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs. |
| CVE-2024-27559 | 0.00 | — | 0.00 | Mar 1, 2024 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php. |
| CVE-2024-27689 | 0.00 | — | 0.00 | Mar 1, 2024 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. |
| CVE-2024-22715 | 0.00 | — | 0.00 | Jan 17, 2024 | Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. |
| CVE-2023-36970 | 0.00 | — | 0.00 | Jul 6, 2023 | A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. |
| CVE-2021-28998 | 0.00 | — | 0.01 | May 8, 2023 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. |
| CVE-2021-28999 | 0.00 | — | 0.01 | May 8, 2023 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. |
| CVE-2021-40961 | 0.00 | — | 0.02 | Jun 9, 2022 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. |
| CVE-2021-43154 | 0.00 | — | 0.01 | Apr 13, 2022 | Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. |
| CVE-2022-23907 | 0.00 | — | 0.01 | Feb 28, 2022 | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. |
| CVE-2020-23481 | 0.00 | — | 0.00 | Sep 22, 2021 | CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. |
| CVE-2019-9060 | 0.00 | — | 0.01 | Sep 17, 2021 | An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read… |
| CVE-2020-22732 | 0.00 | — | 0.00 | Aug 5, 2021 | CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker. |
| CVE-2020-23241 | 0.00 | — | 0.00 | Jul 26, 2021 | Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via "News > Article" feature. |
| CVE-2020-23240 | 0.00 | — | 0.00 | Jul 26, 2021 | Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. |
| CVE-2020-36416 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module. |
| CVE-2020-36415 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module. |
| CVE-2020-36414 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. |
| CVE-2020-36413 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode"… |
| CVE-2020-36412 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module. |