Vulnerabilities > Cmsmadesimple

DATE CVE VULNERABILITY TITLE RISK
2017-12-18 CVE-2017-17734 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
network
low complexity
cmsmadesimple CWE-200
5.0
5.0
2017-11-12 CVE-2017-16799 Cross-site Scripting vulnerability in Cmsmadesimple 2.2.3.1
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. 		3.5
3.5
2017-11-12 CVE-2017-16798 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. 		3.5
3.5
2017-11-10 CVE-2017-16784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. 		4.3
4.3
2017-11-10 CVE-2017-16783 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
network
low complexity
cmsmadesimple CWE-94
7.5
7.5
2017-07-18 CVE-2017-11405 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
network
low complexity
cmsmadesimple CWE-434
4.0
4.0
2017-07-18 CVE-2017-11404 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
network
low complexity
cmsmadesimple CWE-434
4.0
4.0
2017-06-18 CVE-2017-9668 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. 		4.3
4.3
2017-05-12 CVE-2017-8912 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.
network
low complexity
cmsmadesimple CWE-94
7.2
7.2
2017-03-24 CVE-2017-7257 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4