Vulnerabilities > Cmsmadesimple > CMS Made Simple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-9055 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
| 2019-03-26 | CVE-2019-9053 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 8.1 |
| 2019-03-24 | CVE-2019-10017 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | 5.4 |
| 2019-03-11 | CVE-2019-9693 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | 8.8 |
| 2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 6.5 |
| 2018-12-25 | CVE-2018-20464 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. | 6.1 |
| 2018-12-19 | CVE-2018-19597 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | 4.8 |
| 2018-10-12 | CVE-2018-18271 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 6.1 |
| 2018-10-12 | CVE-2018-18270 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 6.1 |
| 2018-04-27 | CVE-2018-10523 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | 5.3 |