Vulnerabilities > Cmsmadesimple > CMS Made Simple > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-17629 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | 3.5 |
| 2019-10-16 | CVE-2019-17630 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | 3.5 |
| 2019-10-06 | CVE-2019-17226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | 3.5 |
| 2019-06-05 | CVE-2019-11226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. | 3.5 |
| 2019-04-25 | CVE-2019-11513 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | 3.5 |
| 2019-03-26 | CVE-2019-10105 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | 3.5 |
| 2019-03-26 | CVE-2019-10106 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | 3.5 |
| 2019-03-26 | CVE-2019-10107 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | 3.5 |
| 2019-03-24 | CVE-2019-10017 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | 3.5 |
| 2018-12-19 | CVE-2018-19597 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | 3.5 |