Vulnerabilities > Cmsmadesimple

DATE CVE VULNERABILITY TITLE RISK
2024-03-12 CVE-2024-1527 Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14.
network
low complexity
cmsmadesimple
8.8
2024-03-12 CVE-2024-1528 Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters.
network
low complexity
cmsmadesimple
6.1
2024-03-12 CVE-2024-1529 Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters.
network
low complexity
cmsmadesimple
6.1
2023-10-26 CVE-2023-43352 Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
local
low complexity
cmsmadesimple
7.8
2023-10-25 CVE-2023-43360 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-23 CVE-2023-43358 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43353 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43354 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43355 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
network
low complexity
cmsmadesimple CWE-79
5.4
2023-10-20 CVE-2023-43356 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
network
low complexity
cmsmadesimple CWE-79
5.4