Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-43354
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43355
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43357
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
5.4
CVSSv3
CVE-2023-43872
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to upload a pdf file with hidden Cross Site Scripting (XSS).
Cmsmadesimple Cms Made Simple 2.2.18
6.1
CVSSv3
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
Cmsmadesimple Cms Made Simple 2.2.18
8.8
CVSSv3
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple 2.2.17
5.4
CVSSv3
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote malicious users to inject arbitrary web script or HTML via the File Upload function.
Cmsmadesimple Cms Made Simple 2.2.17
8.8
CVSSv3
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple up to and including 2.2.15 allows remote malicious users to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »