Vulnerabilities > Cmsmadesimple > CMS Made Simple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-36970 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.17 A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. | 5.4 |
| 2022-04-13 | CVE-2021-43154 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | 4.3 |
| 2022-02-28 | CVE-2022-23906 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. | 6.5 |
| 2022-02-28 | CVE-2022-23907 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | 4.3 |
| 2021-09-17 | CVE-2019-9060 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 5.0 |
| 2020-12-17 | CVE-2020-20138 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.4 Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. | 4.3 |
| 2020-08-14 | CVE-2020-17462 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | 6.5 |
| 2020-03-20 | CVE-2020-10682 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.13 The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. | 6.8 |
| 2019-11-26 | CVE-2011-4310 | Improper Input Validation vulnerability in Cmsmadesimple CMS Made Simple The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. | 5.0 |
| 2019-04-11 | CVE-2019-9056 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 6.5 |