Vulnerabilities > Cmsmadesimple > CMS Made Simple > 2.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10030 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | 8.8 |
| 2018-04-11 | CVE-2018-10029 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | 4.8 |
| 2018-03-13 | CVE-2018-1000092 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. | 8.8 |
| 2018-03-13 | CVE-2018-1000094 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. | 7.2 |
| 2018-01-25 | CVE-2018-5965 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5964 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5963 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 4.8 |
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
| 2018-01-02 | CVE-2017-1000453 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | 9.8 |