Vulnerabilities > Cmsmadesimple > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-24 CVE-2017-7257 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-24 CVE-2017-7256 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-24 CVE-2017-7255 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-09 CVE-2017-6556 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-09 CVE-2017-6555 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-02-21 CVE-2017-6072 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
network
low complexity
cmsmadesimple CWE-200
5.3
5.3
2017-02-21 CVE-2017-6071 Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
network
low complexity
cmsmadesimple CWE-200
5.3
5.3
2016-05-26 CVE-2016-2784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
network
high complexity
cmsmadesimple CWE-79
4.7
4.7