VYPR

Simple CMS

by Simple CMS

CVEs (146)

  • CVE-2024-27623, Mar 5, 2024
    risk 0.00 | cvss | epss 0.00

    CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

  • CVE-2024-27559, Mar 1, 2024
    risk 0.00 | cvss | epss 0.00

    Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php

  • CVE-2024-27689, Mar 1, 2024
    risk 0.00 | cvss | epss 0.00

    Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.

  • CVE-2024-22715, Jan 17, 2024
    risk 0.00 | cvss | epss 0.00

    Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.

  • CVE-2023-36970, Jul 6, 2023
    risk 0.00 | cvss | epss 0.00

    A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.

  • CVE-2021-28998, May 8, 2023
    risk 0.00 | cvss | epss 0.01

    File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.

  • CVE-2021-28999, May 8, 2023
    risk 0.00 | cvss | epss 0.01

    SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.

  • CVE-2021-40961, Jun 9, 2022
    risk 0.00 | cvss | epss 0.02

    CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

  • CVE-2021-43154, Apr 13, 2022
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

  • CVE-2022-23907, Feb 28, 2022
    risk 0.00 | cvss | epss 0.01

    CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

  • CVE-2020-23481, Sep 22, 2021
    risk 0.00 | cvss | epss 0.00

    CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

  • CVE-2019-9060, Sep 17, 2021
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read…

  • CVE-2020-22732, Aug 5, 2021
    risk 0.00 | cvss | epss 0.00

    CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker.

  • CVE-2020-23241, Jul 26, 2021
    risk 0.00 | cvss | epss 0.00

    Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via the "News > Article" feature.

  • CVE-2020-23240, Jul 26, 2021
    risk 0.00 | cvss | epss 0.00

    Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

  • CVE-2020-36416, Jul 2, 2021
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.

  • CVE-2020-36415, Jul 2, 2021
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.

  • CVE-2020-36414, Jul 2, 2021
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.

  • CVE-2020-36413, Jul 2, 2021
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the 'Site Down' status" parameter under the "Maintenance Mode"…

  • CVE-2020-36412, Jul 2, 2021
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.

Page 5 of 8