Vulnerabilities > Cmsmadesimple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-12 | CVE-2018-7893 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.6 CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5965 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5964 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5963 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 4.8 |
| 2017-11-12 | CVE-2017-16799 | Cross-site Scripting vulnerability in Cmsmadesimple 2.2.3.1 In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | 5.4 |
| 2017-11-12 | CVE-2017-16798 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1 In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | 5.4 |
| 2017-11-10 | CVE-2017-16784 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | 6.1 |
| 2017-07-18 | CVE-2017-11405 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 4.9 |
| 2017-07-18 | CVE-2017-11404 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 4.9 |
| 2017-06-18 | CVE-2017-9668 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | 6.1 |