Vulnerabilities > Cmsmadesimple

DATE CVE VULNERABILITY TITLE RISK
2017-06-18 CVE-2017-9668 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
network
low complexity
cmsmadesimple CWE-79
6.1
6.1
2017-05-12 CVE-2017-8912 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.
network
low complexity
cmsmadesimple CWE-94
7.2
7.2
2017-03-24 CVE-2017-7257 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-24 CVE-2017-7256 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-24 CVE-2017-7255 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-09 CVE-2017-6556 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-09 CVE-2017-6555 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-02-21 CVE-2017-6072 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
network
low complexity
cmsmadesimple CWE-200
5.3
5.3
2017-02-21 CVE-2017-6071 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
network
low complexity
cmsmadesimple CWE-200
5.3
5.3
2017-02-21 CVE-2017-6070 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
network
low complexity
cmsmadesimple CWE-200
critical
 9.8
9.8