Vulnerabilities > Cmsimple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-13 | CVE-2021-43741 | Path Traversal vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Directory Traversal. | 7.5 |
2022-04-13 | CVE-2021-43742 | Cross-site Scripting vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. | 3.5 |
2018-12-19 | CVE-2018-19508 | Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | 3.5 |
2018-12-19 | CVE-2018-19507 | Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | 3.5 |
2014-03-20 | CVE-2014-2219 | Cross-Site Scripting vulnerability in Cmsimple Classic 3.5.4 Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter. | 4.3 |
2008-06-10 | CVE-2008-2650 | Path Traversal vulnerability in Cmsimple 3.1 Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |