Cmsmadesimple

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7893 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Mar 12, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
CVE-2018-7448 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Feb 26, 2018 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installati...Show more Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.Show less
CVE-2018-5965 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVE-2018-5964 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVE-2018-5963 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 25, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVE-2017-1000454 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 2, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
CVE-2017-1000453 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Jan 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVE-2017-17735 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Dec 18, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVE-2017-17734 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Dec 18, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVE-2017-16799 1Cmsmadesimple 1Cmsmadesimple May 13, 2026 Nov 12, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
CVE-2017-16798 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 12, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended...Show more In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.Show less
CVE-2017-16784 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 10, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVE-2017-16783 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Nov 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-11405 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jul 18, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in wh...Show more In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.Show less
CVE-2017-11404 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jul 18, 2017 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2017-9668 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Jun 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-8912 1Cmsmadesimple 1Cms Made Simple May 13, 2026 May 12, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: th...Show more CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.Show less
CVE-2017-7257 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVE-2017-7256 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVE-2017-7255 1Cmsmadesimple 1Cms Made Simple May 13, 2026 Mar 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.

Previous 1...4 567 8 Next