Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1527
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.
NA
CVE-2024-1528
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote malicious user to send a specially craft...
NA
CVE-2024-1529
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote malicious user to send a speciall...
NA
CVE-2024-27622
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated use...
NA
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
NA
CVE-2024-27625
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
NA
CVE-2023-43352
An issue in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload to the Content Manager Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
NA
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
NA
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
NA
CVE-2023-43353
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
Cmsmadesimple Cms Made Simple 2.2.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »