
Cmsmadesimple Cms Made Simple vulnerabilities

153 known vulnerabilities affecting cmsmadesimple/cms_made_simple.

Total CVEs: 153
CISA KEV: 0
Public exploits: 19
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 40, MEDIUM 101, LOW 4

Vulnerabilities

Page 5 of 8
CVE-2023-43358 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-23
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
nvd
CVE-2020-22842 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.2.15 | 2020-09-30
CWE-79: CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
nvd
CVE-2023-43355 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-20
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
nvd
CVE-2023-43353 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-20
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
nvd
CVE-2020-36413 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
nvd
CVE-2023-36970 | P4 | MEDIUM | CVSS 5.4 | v2.2.17 | 2023-07-06
CWE-79: A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
nvd
CVE-2023-43359 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-19
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
nvd
CVE-2023-43357 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-20
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
nvd
CVE-2023-43356 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-20
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component.
nvd
CVE-2023-43354 | P4 | MEDIUM | CVSS 5.4 | v2.2.18 | 2023-10-20
CWE-79: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component.
nvd
CVE-2017-11404 | P4 | MEDIUM | CVSS 4.9 | v2.2.2 | 2017-07-18
CWE-434: In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
nvd
CVE-2025-5153 | P4 | MEDIUM | CVSS 4.8 | v2.2.21 | 2025-05-25
CWE-79: A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2007-5441 | P4 | MEDIUM | CVSS 6.5 | v1.1.3.1 | 2007-10-14
CWE-264: CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
nvd
CVE-2021-43154 | P4 | MEDIUM | CVSS 6.1 | v2.2.15 | 2022-04-13
CWE-79: Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
nvd
CVE-2019-10017 | P4 | MEDIUM | CVSS 5.4 | v2.2.10 | 2019-03-24
CWE-79: CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
nvd
CVE-2020-36410 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
nvd
CVE-2020-36409 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.
nvd
CVE-2020-36408 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
nvd
CVE-2020-36411 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module.
nvd
CVE-2020-36416 | P4 | MEDIUM | CVSS 5.4 | v2.2.14 | 2021-07-02
CWE-79: A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.
nvd