Vulnerabilities > Cmsmadesimple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10030 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | 8.8 |
| 2018-04-11 | CVE-2018-10029 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | 4.8 |
| 2018-03-13 | CVE-2018-1000092 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. | 8.8 |
| 2018-03-13 | CVE-2018-1000094 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. | 7.2 |
| 2018-03-12 | CVE-2018-8058 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | 4.8 |
| 2018-03-12 | CVE-2018-7893 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | 4.8 |
| 2018-02-26 | CVE-2018-7448 | OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | 7.5 |
| 2018-01-25 | CVE-2018-5965 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5964 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5963 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 4.8 |