Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote malicious users to inject arbitrary web script or HTML via the File Upload function.
Cmsmadesimple Cms Made Simple 2.2.17
7.2
CVSSv3
CVE-2018-1000094
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any ...
Cmsmadesimple Cms Made Simple 2.2.5
1 EDB exploit
7.8
CVSSv3
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.14
4.8
CVSSv3
CVE-2020-23240
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
Cmsmadesimple Cms Made Simple 2.2.14
4.8
CVSSv3
CVE-2020-23241
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
Cmsmadesimple Cms Made Simple 2.2.14
5.4
CVSSv3
CVE-2020-23481
CMS Made Simple 2.2.14 exists to contain a cross-site scripting (XSS) vulnerability which allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
Cmsmadesimple Cms Made Simple 2.2.14
NA
CVE-2007-5441
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin lo...
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2007-5444
CMS Made Simple 1.1.3.1 allows remote malicious users to obtain the full path via a direct request for unspecified files.
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2008-5642
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Cmsmadesimple Cms Made Simple 1.4.1
1 EDB exploit
5.4
CVSSv3
CVE-2020-36408
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
Cmsmadesimple Cms Made Simple 2.2.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »