Vulnerabilities > Cmsmadesimple

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-20138 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.4
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
4.3
2020-10-01 CVE-2020-24860 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields.
3.5
2020-09-30 CVE-2020-22842 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
3.5
2020-08-14 CVE-2020-17462 Unrestricted Upload of File With Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
network
low complexity
cmsmadesimple CWE-434
6.5
2020-06-19 CVE-2020-14926 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
3.5
2020-05-28 CVE-2020-13660 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
3.5
2020-03-20 CVE-2020-10682 Unrestricted Upload of File With Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.13
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php.
6.8
2020-03-20 CVE-2020-10681 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.13
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
3.5
2019-11-26 CVE-2011-4310 Improper Input Validation vulnerability in Cmsmadesimple CMS Made Simple
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
network
low complexity
cmsmadesimple CWE-20
5.0
2019-10-16 CVE-2019-17630 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
3.5