Cmsmadesimple Cms Made Simple vulnerabilities
153 known vulnerabilities affecting cmsmadesimple/cms_made_simple.
Total CVEs: 153
CISA KEV: 0
Public exploits: 19
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 40, MEDIUM 101, LOW 4
Vulnerabilities
Page 8 of 8
CVE-2007-5444 | P4 | MEDIUM | CVSS 5.0 | v1.1.3.1 | 2007-10-14 | CWE-200
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
nvd
CVE-2018-10032 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.2.7 | 2018-04-11 | CWE-79
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
nvd
CVE-2018-10029 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.2.7 | 2018-04-11
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
nvd
CVE-2014-2092 | P4 | MEDIUM | CVSS 4.3 | v1.11.10 | 2014-03-02
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
nvd
CVE-2005-2392 | P4 | MEDIUM | CVSS 4.3 | v1.0, v1.1 +10 more | 2005-07-27
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
nvd
CVE-2012-1992 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.10.3, v0.1 +91 more | 2012-04-11 | CWE-79
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
nvd
CVE-2010-3882 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.7.1, v0.10 +48 more | 2010-10-08 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.
nvd
CVE-2010-1482 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.7, v0.10 +46 more | 2010-05-12 | CWE-79
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
nvd
CVE-2007-5443 | P4 | MEDIUM | CVSS 4.3 | v1.1.3.1 | 2007-10-14 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
nvd
CVE-2011-3718 | P4 | MEDIUM | CVSS 5.0 | v1.9.2 | 2011-09-23
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444.
nvd
CVE-2018-10521 | P4 | LOW | CVSS 2.7 | ≤ 2.2.7 | 2018-04-27 | CWE-434
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
nvd
CVE-2007-5442 | P4 | LOW | CVSS 3.5 | v1.1.3.1 | 2007-10-14 | CWE-264
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
nvd
CVE-2013-3929 | P4 | LOW | CVSS 2.1 | v1.11.9 | 2013-12-09 | CWE-79
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
nvd