Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.2.11

DATE | CVE | VULNERABILITY TITLE | RISK

2023-05-08 | CVE-2021-28998 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple | 7.2
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
network, low complexity, cmsmadesimple CWE-434

2023-05-08 | CVE-2021-28999 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple | 8.8
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
network, low complexity, cmsmadesimple CWE-89

2022-06-09 | CVE-2021-40961 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple | 8.8
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php.
network, low complexity, cmsmadesimple CWE-89

2020-09-30 | CVE-2020-22842 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple | 3.5
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.

2020-05-28 | CVE-2020-13660 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple | 3.5
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

2019-10-16 | CVE-2019-17630 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 | 3.5
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.

2019-10-16 | CVE-2019-17629 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 | 3.5
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.

2019-10-06 | CVE-2019-17226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 | 3.5
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.

2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple | 4.6
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
local, low complexity, cmsmadesimple CWE-74

2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple | 7.5
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
network, low complexity, cmsmadesimple CWE-74