Vulnerabilities > Cmsmadesimple > CMS Made Simple > 1.8.2

DATE CVE VULNERABILITY TITLE RISK
2017-01-16 CVE-2016-7904 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
network
low complexity
cmsmadesimple CWE-352
8.0
2016-05-26 CVE-2016-2784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
network
high complexity
cmsmadesimple CWE-79
4.7