Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.2.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-12 | CVE-2024-1527 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. | 8.8 |
| 2024-03-12 | CVE-2024-1528 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. | 6.1 |
| 2024-03-12 | CVE-2024-1529 | Unspecified vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. | 6.1 |
| 2023-05-08 | CVE-2021-28998 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | 7.2 |
| 2023-05-08 | CVE-2021-28999 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | 8.8 |
| 2022-06-09 | CVE-2021-40961 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. | 8.8 |
| 2021-09-22 | CVE-2020-23481 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | 5.4 |
| 2021-08-05 | CVE-2020-22732 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. | 4.8 |
| 2021-07-26 | CVE-2020-23240 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | 4.8 |
| 2021-07-26 | CVE-2020-23241 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature. | 4.8 |