Vulnerabilities > Cmsmadesimple > CMS Made Simple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-10106 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | 5.4 |
| 2019-03-26 | CVE-2019-10105 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | 5.4 |
| 2019-03-24 | CVE-2019-10017 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | 5.4 |
| 2019-03-11 | CVE-2019-9692 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | 6.5 |
| 2018-12-25 | CVE-2018-20464 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. | 6.1 |
| 2018-12-19 | CVE-2018-19597 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | 4.8 |
| 2018-10-12 | CVE-2018-18271 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 6.1 |
| 2018-10-12 | CVE-2018-18270 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | 6.1 |
| 2018-04-27 | CVE-2018-10523 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | 5.3 |
| 2018-04-27 | CVE-2018-10522 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | 4.9 |