Cms Made Simple

cms_made_simple

Vendor: Cmsmadesimple • 154 CVEs

CVEs (154)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-5965 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVE-2018-5964 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVE-2018-5963 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVE-2017-1000454 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 2, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
CVE-2017-1000453 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVE-2017-17735 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Dec 18, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVE-2017-17734 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Dec 18, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVE-2017-16798 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 12, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended...Show more In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.Show less
CVE-2017-16784 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 10, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVE-2017-16783 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-11405 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jul 18, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in wh...Show more In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.Show less
CVE-2017-11404 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jul 18, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-9668 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jun 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-8912 1Cmsmadesimple 1Cms Made Simple May 13, 2026 May 12, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: th...Show more CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.Show less
CVE-2017-7257 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVE-2017-7256 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVE-2017-7255 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
CVE-2017-6556 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 9, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" fie...Show more Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.Show less
CVE-2017-6555 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 9, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manag...Show more Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").Show less
CVE-2017-6072 1Cmsmadesimple 2Cms Made Simple Form Builder May 13, 2026 Feb 21, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

Previous 1...4 567 8 Next