Cmsmadesimple

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-63678 1Cmsmadesimple 1File Manager Dec 31, 2025 Nov 10, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a c...Show more An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.Show less
CVE-2025-5153 1Cmsmadesimple 1Cms Made Simple Jun 3, 2025 May 25, 2025 5.1 MEDIUM· v4 4.8 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Descript...Show more A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-1529 1Cmsmadesimple 1Cms Made Simple Jul 11, 2025 Mar 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerab...Show more Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.Show less
CVE-2024-1528 1Cmsmadesimple 1Cms Made Simple Feb 26, 2025 Mar 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability c...Show more CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.Show less
CVE-2024-1527 1Cmsmadesimple 1Cms Made Simple Feb 26, 2025 Mar 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a re...Show more Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.Show less
CVE-2024-27625 1Cmsmadesimple 1Cms Made Simple Mar 28, 2025 Mar 5, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user...Show more CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.Show less
CVE-2024-27623 1Cmsmadesimple 1Cms Made Simple Dec 17, 2025 Mar 5, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
CVE-2024-27622 1Cmsmadesimple 1Cms Made Simple Mar 28, 2025 Mar 5, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the '...Show more A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.Show less
CVE-2023-43352 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVE-2023-43360 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 25, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVE-2023-43358 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVE-2023-43357 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVE-2023-43356 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
CVE-2023-43355 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component...Show more Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.Show less
CVE-2023-43354 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
CVE-2023-43353 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVE-2023-43359 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Oct 19, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu com...Show more Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.Show less
CVE-2023-43872 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Sep 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2023-43339 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Sep 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
CVE-2023-36970 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.

12 3 4 5...8 Next