Vulnerabilities > Cmsimple

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-13	CVE-2021-43741	Path Traversal vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Directory Traversal. network low complexity cmsimple CWE-22	7.5
2022-04-13	CVE-2021-43742	Cross-site Scripting vulnerability in Cmsimple 5.4 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. network cmsimple CWE-79	3.5
2018-12-19	CVE-2018-19508	Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. network cmsimple CWE-79	3.5
2018-12-19	CVE-2018-19507	Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. network cmsimple CWE-79	3.5
2014-03-20	CVE-2014-2219	Cross-Site Scripting vulnerability in Cmsimple Classic 3.5.4 Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter. network cmsimple CWE-79	4.3
2008-06-10	CVE-2008-2650	Path Traversal vulnerability in Cmsimple 3.1 Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. network cmsimple CWE-22	6.8

Vulnerabilities > Cmsimple {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cmsimple"}]}