Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
Cmsmadesimple Cms Made Simple 2.2.10
8.8
CVSSv3
CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. ...
Cmsmadesimple Cms Made Simple 2.2.5
8.8
CVSSv3
CVE-2018-1000158
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisonin...
Cmsmadesimple Cms Made Simple 2.2.7
5.4
CVSSv3
CVE-2017-16798
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote malicious users to bypass intended access restrictions or trigger XSS via other...
Cmsmadesimple Cms Made Simple 2.2.3.1
6.1
CVSSv3
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
Cmsmadesimple Cms Made Simple 2.2.4
NA
CVE-2008-5642
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Cmsmadesimple Cms Made Simple 1.4.1
1 EDB exploit
NA
CVE-2007-5443
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2007-5444
CMS Made Simple 1.1.3.1 allows remote malicious users to obtain the full path via a direct request for unspecified files.
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2013-3929
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
Cmsmadesimple Cms Made Simple 1.11.9
NA
CVE-2007-5442
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
Cmsmadesimple Cms Made Simple 1.1.3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »