Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple cms made simple vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.13
6.8
CVSSv2
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
Cmsmadesimple Cms Made Simple 2.2.13
3.5
CVSSv2
CVE-2019-17226
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
Cmsmadesimple Cms Made Simple 2.2.11
3.5
CVSSv2
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Cmsmadesimple Cms Made Simple 2.2.10
3.5
CVSSv2
CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
Cmsmadesimple Cms Made Simple 2.2.14
4.3
CVSSv2
CVE-2005-3083
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Cmsmadesimple Cms Made Simple 0.10
1 EDB exploit
7.5
CVSSv2
CVE-2007-0551
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.
Cmsmadesimple Cms Made Simple 2.7
6.8
CVSSv2
CVE-2007-0610
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote malicious users to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third par...
Cmsmadesimple Cms Made Simple 2.7
3.5
CVSSv2
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
Cmsmadesimple Cms Made Simple 2.2.15
3.5
CVSSv2
CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
Cmsmadesimple Cms Made Simple 2.1.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »