Vulnerabilities > Cmsmadesimple

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-25	CVE-2023-43339	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.18 Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. network low complexity cmsmadesimple CWE-79	6.1
2023-07-06	CVE-2023-36969	Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.17 CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. network low complexity cmsmadesimple CWE-434	8.8
2023-07-06	CVE-2023-36970	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.17 A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. network low complexity cmsmadesimple CWE-79	5.4
2023-05-08	CVE-2021-28998	Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. network low complexity cmsmadesimple CWE-434	7.2
2023-05-08	CVE-2021-28999	SQL Injection vulnerability in Cmsmadesimple CMS Made Simple SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. network low complexity cmsmadesimple CWE-89	8.8
2022-06-09	CVE-2021-40961	SQL Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. network low complexity cmsmadesimple CWE-89	8.8
2022-04-13	CVE-2021-43154	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. network cmsmadesimple CWE-79	4.3
2022-02-28	CVE-2022-23906	Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. network low complexity cmsmadesimple CWE-434	6.5
2022-02-28	CVE-2022-23907	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.15 CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. network cmsmadesimple CWE-79	4.3
2021-09-22	CVE-2020-23481	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. network cmsmadesimple CWE-79	3.5

Vulnerabilities > Cmsmadesimple {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cmsmadesimple"}]}

Vulnerabilities > Cmsmadesimple