Vulnerabilities > Cmsmadesimple > CMS Made Simple

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-13660 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
network
low complexity
cmsmadesimple CWE-79
4.8
4.8
2020-03-20 CVE-2020-10682 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.13
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php.
local
low complexity
cmsmadesimple CWE-434
7.8
7.8
2020-03-20 CVE-2020-10681 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.13
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2019-11-26 CVE-2011-4310 Improper Input Validation vulnerability in Cmsmadesimple CMS Made Simple
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
network
low complexity
cmsmadesimple CWE-20
7.5
7.5
2019-10-16 CVE-2019-17630 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
network
low complexity
cmsmadesimple CWE-79
4.8
4.8
2019-10-16 CVE-2019-17629 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
network
low complexity
cmsmadesimple CWE-79
4.8
4.8
2019-10-06 CVE-2019-17226 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
network
low complexity
cmsmadesimple CWE-79
4.8
4.8
2019-06-05 CVE-2019-11226 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2019-04-25 CVE-2019-11513 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
network
low complexity
cmsmadesimple CWE-79
4.8
4.8
2019-04-11 CVE-2019-9056 Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple 2.2.8
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-502
8.8
8.8