Cmsmadesimple CMS Made Simple vulnerabilities
153 known vulnerabilities affecting cmsmadesimple/cms_made_simple.
Total CVEs: 153
CISA KEV: 0
Public exploits: 19
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 40, MEDIUM 101, LOW 4
Vulnerabilities
Page 6 of 8
CVE-2020-36415 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.14, 2021-07-02
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.
nvd
CVE-2020-36414 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.14, 2021-07-02
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.
nvd
CVE-2018-18270 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.2.7, 2018-10-12
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
nvd
CVE-2018-18271 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.2.7, 2018-10-12
XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
nvd
CVE-2022-23907 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.2.15, 2022-02-28
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
nvd
CVE-2017-9668 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.1.6, 2017-06-18
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
nvd
CVE-2019-10106 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.10, 2019-03-26
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
nvd
CVE-2019-10107 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.10, 2019-03-26
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
nvd
CVE-2020-14926 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.14, 2020-06-19
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
nvd
CVE-2017-7257 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.1.6, 2017-03-24
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
nvd
CVE-2017-7255 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.1.6, 2017-03-24
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
nvd
CVE-2017-7256 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.1.6, 2017-03-24
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
nvd
CVE-2020-36412 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.14, 2021-07-02
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.
nvd
CVE-2012-6064 [LOW] P4, CVSS 3.5, ≤ 1.11.2, v0.1 +82 more, 2012-12-03
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
nvd
CVE-2018-20464 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.2.8, 2018-12-25
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
nvd
CVE-2017-16784 [MEDIUM] CWE-79, P4, CVSS 6.1, v2.2.2, 2017-11-10
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
nvd
CVE-2017-6555 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.1.6, 2017-03-09
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
nvd
CVE-2017-6556 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.1.6, 2017-03-09
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
nvd
CVE-2020-23481 [MEDIUM] CWE-79, P4, CVSS 5.4, v2.2.14, 2021-09-22
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
nvd
CVE-2018-10522 [MEDIUM] CWE-200, P4, CVSS 4.9, ≤ 2.2.7, 2018-04-27
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
nvd