Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
NA
CVE-2014-2092
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote malicious users to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure a...
Cmsmadesimple Cms Made Simple 1.11.10
8.8
CVSSv3
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple 2.2.17
5.4
CVSSv3
CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
Cmsmadesimple Cms Made Simple 2.1.6
4.8
CVSSv3
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
Cmsmadesimple Cms Made Simple 2.2.11
4.8
CVSSv3
CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
Cmsmadesimple Cms Made Simple 2.2.5
5.4
CVSSv3
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.13
5.4
CVSSv3
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
Cmsmadesimple Cms Made Simple 2.2.10
5.4
CVSSv3
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
Cmsmadesimple Cms Made Simple 2.2.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »