Vulnerabilities > Cmsmadesimple > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-10 CVE-2017-16784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
4.3
2017-07-18 CVE-2017-11405 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
network
low complexity
cmsmadesimple CWE-434
4.0
2017-07-18 CVE-2017-11404 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
network
low complexity
cmsmadesimple CWE-434
4.0
2017-06-18 CVE-2017-9668 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In admin\addgroup.php in CMS Made Simple 2.1.6, the description parameter of an addgroup action is not filtered for XSS when adding a user group, resulting in stored XSS.
4.3
2017-03-24 CVE-2017-7257 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
2017-03-24 CVE-2017-7256 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
2017-03-24 CVE-2017-7255 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
2017-02-21 CVE-2017-6072 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
network
low complexity
cmsmadesimple CWE-200
5.0
2017-02-21 CVE-2017-6071 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
network
low complexity
cmsmadesimple CWE-200
5.0
2017-01-16 CVE-2016-7904 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
6.0