cvebase

Cmsmadesimple Cms Made Simple vulnerabilities

153 known vulnerabilities affecting cmsmadesimple/cms_made_simple.

Total CVEs: 153
CISA KEV: 0
Public exploits: 19
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 40, MEDIUM 101, LOW 4

Vulnerabilities

Page 8 of 8
CVE-2007-5444 | P4 | MEDIUM | CVSS 5.0 | v1.1.3.1 | 2007-10-14
CVE-2007-5444 [MEDIUM] CWE-200: CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
nvd
CVE-2018-10032 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.2.7 | 2018-04-11
CVE-2018-10032 [MEDIUM] CWE-79: CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
nvd
CVE-2018-10029 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.2.7 | 2018-04-11
CVE-2018-10029 [MEDIUM]: CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
nvd
CVE-2014-2092 | P4 | MEDIUM | CVSS 4.3 | v1.11.10 | 2014-03-02
CVE-2014-2092 [MEDIUM]: Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
nvd
CVE-2005-2392 | P4 | MEDIUM | CVSS 4.3 | v1.0, v1.1, +10 more | 2005-07-27
CVE-2005-2392 [MEDIUM]: Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
nvd
CVE-2012-1992 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.10.3, v0.1, +91 more | 2012-04-11
CVE-2012-1992 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
nvd
CVE-2010-3882 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.7.1, v0.10, +48 more | 2010-10-08
CVE-2010-3882 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.
nvd
CVE-2010-1482 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.7, v0.10, +46 more | 2010-05-12
CVE-2010-1482 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
nvd
CVE-2007-5443 | P4 | MEDIUM | CVSS 4.3 | v1.1.3.1 | 2007-10-14
CVE-2007-5443 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
nvd
CVE-2011-3718 | P4 | MEDIUM | CVSS 5.0 | v1.9.2 | 2011-09-23
CVE-2011-3718 [MEDIUM]: CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444.
nvd
CVE-2018-10521 | P4 | LOW | CVSS 2.7 | ≤ 2.2.7 | 2018-04-27
CVE-2018-10521 [LOW] CWE-434: In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
nvd
CVE-2007-5442 | P4 | LOW | CVSS 3.5 | v1.1.3.1 | 2007-10-14
CVE-2007-5442 [LOW] CWE-264: CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
nvd
CVE-2013-3929 | P4 | LOW | CVSS 2.1 | v1.11.9 | 2013-12-09
CVE-2013-3929 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
nvd