Vulnerabilities > Cmsmadesimple > CMS Made Simple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-30 | CVE-2020-22842 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | 5.4 |
| 2020-06-19 | CVE-2020-14926 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | 5.4 |
| 2020-05-28 | CVE-2020-13660 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | 4.8 |
| 2020-03-20 | CVE-2020-10681 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.13 The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | 5.4 |
| 2019-10-16 | CVE-2019-17630 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | 4.8 |
| 2019-10-16 | CVE-2019-17629 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | 4.8 |
| 2019-10-06 | CVE-2019-17226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | 4.8 |
| 2019-06-05 | CVE-2019-11226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. | 5.4 |
| 2019-04-25 | CVE-2019-11513 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | 4.8 |
| 2019-03-26 | CVE-2019-10107 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | 5.4 |