Vendor CVEs
Simple CMS
All CVEs
146 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-36411 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content… | |||
| CVE-2020-36410 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module. | |||
| CVE-2020-36409 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module. | |||
| CVE-2020-36408 | 0.00 | — | 0.00 | Jul 2, 2021 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | |||
| CVE-2020-27377 | 0.00 | — | 0.01 | Jun 1, 2021 | A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. | |||
| CVE-2020-24860 | 0.00 | — | 0.01 | Oct 1, 2020 | CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | |||
| CVE-2020-22842 | 0.00 | — | 0.00 | Sep 30, 2020 | CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | |||
| CVE-2020-17462 | 0.00 | — | 0.01 | Aug 14, 2020 | CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | |||
| CVE-2020-14926 | 0.00 | — | 0.01 | Jun 19, 2020 | CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | |||
| CVE-2020-13660 | 0.00 | — | 0.01 | May 28, 2020 | CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | |||
| CVE-2020-10682 | 0.00 | — | 0.02 | Mar 20, 2020 | The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | |||
| CVE-2020-10681 | 0.00 | — | 0.01 | Mar 20, 2020 | The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | |||
| CVE-2019-17629 | 0.00 | — | 0.01 | Oct 16, 2019 | CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | |||
| CVE-2019-17630 | 0.00 | — | 0.01 | Oct 16, 2019 | CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | |||
| CVE-2019-17226 | 0.00 | — | 0.01 | Oct 6, 2019 | CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | |||
| CVE-2019-11226 | 0.00 | — | 0.01 | Jun 5, 2019 | CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. | |||
| CVE-2019-11513 | 0.00 | — | 0.01 | Apr 25, 2019 | The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | |||
| CVE-2019-9056 | 0.00 | — | 0.01 | Apr 11, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object… | |||
| CVE-2019-10107 | 0.00 | — | 0.01 | Mar 26, 2019 | CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | |||
| CVE-2019-10106 | 0.00 | — | 0.01 | Mar 26, 2019 | CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | |||
| CVE-2019-10105 | 0.00 | — | 0.01 | Mar 26, 2019 | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | |||
| CVE-2019-9061 | 0.00 | — | 0.02 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. | |||
| CVE-2019-9058 | 0.00 | — | 0.01 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. | |||
| CVE-2019-9057 | 0.00 | — | 0.02 | Mar 26, 2019 | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | |||
| CVE-2019-10017 | 0.00 | — | 0.01 | Mar 24, 2019 | CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||
| CVE-2019-9693 | 0.00 | — | 0.01 | Mar 11, 2019 | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id),… | |||
| CVE-2018-20464 | 0.00 | — | 0.01 | Dec 25, 2018 | There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||
| CVE-2018-19597 | 0.00 | — | 0.01 | Dec 19, 2018 | CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | |||
| CVE-2018-18270 | 0.00 | — | 0.01 | Oct 12, 2018 | XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||
| CVE-2018-18271 | 0.00 | — | 0.01 | Oct 12, 2018 | XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||
| CVE-2014-2245 | 0.00 | — | 0.01 | Mar 5, 2014 | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are… | |||
| CVE-2014-2092 | 0.00 | — | 0.01 | Mar 2, 2014 | Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also… | |||
| CVE-2013-3929 | 0.00 | — | 0.01 | Dec 9, 2013 | Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter. | |||
| CVE-2012-6064 | 0.00 | — | 0.01 | Dec 3, 2012 | Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF… | |||
| CVE-2012-5450 | 0.00 | — | 0.01 | Dec 3, 2012 | Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | |||
| CVE-2012-1992 | 0.00 | — | 0.01 | Apr 11, 2012 | Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). | |||
| CVE-2011-3718 | 0.00 | — | 0.01 | Sep 23, 2011 | CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might… | |||
| CVE-2010-4663 | 0.00 | — | 0.01 | Jun 8, 2011 | Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. | |||
| CVE-2010-3883 | 0.00 | — | 0.01 | Oct 8, 2010 | Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. | |||
| CVE-2010-3882 | 0.00 | — | 0.01 | Oct 8, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add… | |||
| CVE-2010-1482 | 0.00 | — | 0.01 | May 12, 2010 | Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. | |||
| CVE-2007-5442 | 0.00 | — | 0.01 | Oct 14, 2007 | CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | |||
| CVE-2007-5443 | 0.00 | — | 0.01 | Oct 14, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags. | |||
| CVE-2007-5444 | 0.00 | — | 0.01 | Oct 14, 2007 | CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||
| CVE-2007-5441 | 0.00 | — | 0.01 | Oct 14, 2007 | CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin… | |||
| CVE-2006-6844 | 0.00 | — | 0.01 | Dec 31, 2006 | Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. |
Page 3 of 3