Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-13660
CMS Made Simple up to and including 2.2.14 allows XSS via a crafted File Picker profile name.
Cmsmadesimple Cms Made Simple
312
VMScore
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.13
605
VMScore
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
Cmsmadesimple Cms Made Simple 2.2.13
445
VMScore
CVE-2011-4310
The news module in CMSMS prior to 1.9.4.3 allows remote malicious users to corrupt new articles.
Cmsmadesimple Cms Made Simple
312
VMScore
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
Cmsmadesimple Cms Made Simple 2.2.11
312
VMScore
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
Cmsmadesimple Cms Made Simple 2.2.11
312
VMScore
CVE-2019-17226
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
Cmsmadesimple Cms Made Simple 2.2.11
312
VMScore
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Cmsmadesimple Cms Made Simple 2.2.10
312
VMScore
CVE-2019-11513
The File Manager in CMS Made Simple up to and including 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Cmsmadesimple Cms Made Simple
578
VMScore
CVE-2019-9056
An issue exists in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
Cmsmadesimple Cms Made Simple 2.2.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »