Vulnerabilities > Cmsmadesimple > CMS Made Simple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-43360 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. | 5.4 |
| 2023-10-23 | CVE-2023-43358 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. | 5.4 |
| 2023-10-20 | CVE-2023-43353 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. | 5.4 |
| 2023-10-20 | CVE-2023-43354 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. | 5.4 |
| 2023-10-20 | CVE-2023-43355 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. | 5.4 |
| 2023-10-20 | CVE-2023-43356 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. | 5.4 |
| 2023-10-20 | CVE-2023-43357 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. | 5.4 |
| 2023-10-19 | CVE-2023-43359 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. | 5.4 |
| 2023-09-28 | CVE-2023-43872 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 |
| 2023-09-25 | CVE-2023-43339 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. | 6.1 |