Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.2.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2021-28998 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | 7.2 |
| 2023-05-08 | CVE-2021-28999 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | 8.8 |
| 2022-06-09 | CVE-2021-40961 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. | 8.8 |
| 2021-09-22 | CVE-2020-23481 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | 3.5 |
| 2021-08-05 | CVE-2020-22732 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. | 3.5 |
| 2021-07-26 | CVE-2020-23240 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | 3.5 |
| 2021-07-26 | CVE-2020-23241 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature. | 3.5 |
| 2021-07-02 | CVE-2020-36408 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | 3.5 |
| 2021-07-02 | CVE-2020-36409 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module. | 3.5 |
| 2021-07-02 | CVE-2020-36410 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module. | 3.5 |