cbcvebase.

Cmsmadesimple Cms Made Simple vulnerabilities

153 known vulnerabilities affecting cmsmadesimple/cms_made_simple.

Total CVEs
153
CISA KEV
0
Public exploits
19
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH40MEDIUM101LOW4

Vulnerabilities

Page 7 of 8
CVE-2006-6844P4MEDIUMCVSS 6.8v1.0.22006-12-31
CVE-2006-6844 [MEDIUM] CVE-2006-6844: Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0. Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
nvd
CVE-2020-22732P4MEDIUMCVSS 4.8v2.2.142021-08-05
CVE-2020-22732 [MEDIUM] CWE-79 CVE-2020-22732: CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
nvd
CVE-2007-0610P4MEDIUMCVSS 6.8v2.72007-01-31
CVE-2007-0610 [MEDIUM] CVE-2007-0610: Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2020-13660P4MEDIUMCVSS 4.8≤ 2.2.142020-05-28
CVE-2020-13660 [MEDIUM] CWE-79 CVE-2020-13660: CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
nvd
CVE-2019-17629P4MEDIUMCVSS 4.8v2.2.112019-10-16
CVE-2019-17629 [MEDIUM] CWE-79 CVE-2019-17629: CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "fi CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
nvd
CVE-2024-27625P4MEDIUMCVSS 4.8v2.2.192024-03-05
CVE-2024-27625 [MEDIUM] CWE-79 CVE-2024-27625: CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resid CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
nvd
CVE-2018-5963P4MEDIUMCVSS 4.8v2.2.52018-01-25
CVE-2018-5963 [MEDIUM] CWE-79 CVE-2018-5963: CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
nvd
CVE-2018-5965P4MEDIUMCVSS 4.8v2.2.52018-01-25
CVE-2018-5965 [MEDIUM] CWE-79 CVE-2018-5965: CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
nvd
CVE-2019-17226P4MEDIUMCVSS 4.8v2.2.112019-10-06
CVE-2019-17226 [MEDIUM] CWE-79 CVE-2019-17226: CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
nvd
CVE-2018-7893P4MEDIUMCVSS 4.8v2.2.62018-03-12
CVE-2018-7893 [MEDIUM] CWE-79 CVE-2018-7893: CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter.
nvd
CVE-2019-17630P4MEDIUMCVSS 4.8v2.2.112019-10-16
CVE-2019-17630 [MEDIUM] CWE-79 CVE-2019-17630: CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "Ne CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
nvd
CVE-2018-5964P4MEDIUMCVSS 4.8v2.2.52018-01-25
CVE-2018-5964 [MEDIUM] CWE-79 CVE-2018-5964: CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
nvd
CVE-2018-19597P4MEDIUMCVSS 4.8v2.2.82018-12-19
CVE-2018-19597 [MEDIUM] CVE-2018-19597: CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
nvd
CVE-2018-10033P4MEDIUMCVSS 4.8≤ 2.2.72018-04-11
CVE-2018-10033 [MEDIUM] CWE-79 CVE-2018-10033: CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
nvd
CVE-2019-11513P4MEDIUMCVSS 4.8≤ 2.2.102019-04-25
CVE-2019-11513 [MEDIUM] CWE-79 CVE-2019-11513: The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a R The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
nvd
CVE-2018-8058P4MEDIUMCVSS 4.8v2.2.62018-03-12
CVE-2018-8058 [MEDIUM] CWE-79 CVE-2018-8058: CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
nvd
CVE-2020-27377P4MEDIUMCVSS 4.8v2.2.142021-06-01
CVE-2020-27377 [MEDIUM] CWE-79 CVE-2020-27377: A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.
nvd
CVE-2020-23240P4MEDIUMCVSS 4.8v2.2.142021-07-26
CVE-2020-23240 [MEDIUM] CWE-79 CVE-2020-23240: Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
nvd
CVE-2020-23241P4MEDIUMCVSS 4.8v2.2.142021-07-26
CVE-2020-23241 [MEDIUM] CWE-79 CVE-2020-23241: Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" f Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
nvd
CVE-2013-4167P4MEDIUMCVSS 4.3≤ 1.11.6v1.11+6 more2013-10-11
CVE-2013-4167 [MEDIUM] CWE-79 CVE-2013-4167: Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote atta Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
Cmsmadesimple Cms Made Simple vulnerabilities | cvebase