cmsmadesimple vulnerabilities and exploits

3.5
CVSSv2
CVE-2017-16799

In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882....

3.5
CVSSv2
CVE-2019-10107

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section....

4.3
CVSSv2
CVE-2018-1000158

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset...

3.5
CVSSv2
CVE-2017-16798

In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other...

5
CVSSv2
CVE-2011-4310

The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles....

3.5
CVSSv2
CVE-2019-17226

CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field....

6.5
CVSSv2
CVE-2018-1000094

CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any...

CmsmadesimpleCms Made Simple
4.3
CVSSv2
CVE-2012-1992

Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template)....

5
CVSSv2
CVE-2017-17735

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies....

10
CVSSv2
CVE-2010-4663

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors....