Cmsmadesimple
CVEs (100)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43355 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. |
| CVE-2023-43357 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. |
| CVE-2023-43353 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. |
| CVE-2023-43356 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component. |
| CVE-2023-43354 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component. |
| CVE-2023-43359 | | | 0.00 | — | 0.00 | | Oct 19, 2023 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. |
| CVE-2023-43872 | | | 0.00 | — | 0.01 | | Sep 28, 2023 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). |
| CVE-2023-43339 | | | 0.00 | — | 0.01 | | Sep 25, 2023 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. |
| CVE-2019-11513 | | | 0.00 | — | 0.01 | | Apr 25, 2019 | The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. |
| CVE-2019-9056 | | | 0.00 | — | 0.01 | | Apr 11, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object… |
| CVE-2019-10106 | | | 0.00 | — | 0.01 | | Mar 26, 2019 | CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. |
| CVE-2019-10105 | | | 0.00 | — | 0.01 | | Mar 26, 2019 | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. |
| CVE-2019-9061 | | | 0.00 | — | 0.02 | | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. |
| CVE-2019-9058 | | | 0.00 | — | 0.01 | | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. |
| CVE-2019-10017 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. |
| CVE-2019-9693 | | | 0.00 | — | 0.01 | | Mar 11, 2019 | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id),… |
| CVE-2018-20464 | | | 0.00 | — | 0.01 | | Dec 25, 2018 | There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. |
| CVE-2018-19597 | | | 0.00 | — | 0.01 | | Dec 19, 2018 | CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. |
| CVE-2018-18270 | | | 0.00 | — | 0.01 | | Oct 12, 2018 | XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. |
| CVE-2018-18271 | | | 0.00 | — | 0.01 | | Oct 12, 2018 | XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. |