Vulnerabilities > Cmsmadesimple > CMS Made Simple > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-11	CVE-2018-10029	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. network cmsmadesimple CWE-79	3.5
2018-04-11	CVE-2018-10032	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. network cmsmadesimple CWE-79	3.5
2018-04-11	CVE-2018-10033	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. network cmsmadesimple CWE-79	3.5
2018-03-12	CVE-2018-7893	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. network cmsmadesimple CWE-79	3.5
2018-03-12	CVE-2018-8058	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. network cmsmadesimple CWE-79	3.5
2018-01-25	CVE-2018-5963	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. network cmsmadesimple CWE-79	3.5
2018-01-25	CVE-2018-5964	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. network cmsmadesimple CWE-79	3.5
2018-01-25	CVE-2018-5965	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. network cmsmadesimple CWE-79	3.5
2017-11-12	CVE-2017-16798	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1 In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. network cmsmadesimple CWE-79	3.5
2017-03-09	CVE-2017-6555	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). network cmsmadesimple CWE-79	3.5