Vulnerabilities > Cmsmadesimple > CMS Made Simple > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-09 | CVE-2017-6556 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | 3.5 |
| 2016-05-26 | CVE-2016-2784 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request. | 2.6 |
| 2014-03-02 | CVE-2014-0334 | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092. | 3.5 |
| 2013-12-09 | CVE-2013-3929 | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 1.11.9 Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter. | 2.1 |
| 2012-12-03 | CVE-2012-6064 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. | 3.5 |
| 2007-10-14 | CVE-2007-5442 | Permissions, Privileges, and Access Controls vulnerability in Cmsmadesimple CMS Made Simple 1.1.3.1 CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | 3.5 |