Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms made simple vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2018-7448
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote malicious users to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
Cmsmadesimple Cms Made Simple 2.1.6
1 EDB exploit
2 Github repositories
3.5
CVSSv2
CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
Cmsmadesimple Cms Made Simple 2.2.5
3.5
CVSSv2
CVE-2018-5965
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
Cmsmadesimple Cms Made Simple 2.2.5
3.5
CVSSv2
CVE-2020-36410
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the &qu...
Cmsmadesimple Cms Made Simple 2.2.14
4.3
CVSSv2
CVE-2018-18270
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
Cmsmadesimple Cms Made Simple 2.2.7
4.3
CVSSv2
CVE-2018-20464
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
Cmsmadesimple Cms Made Simple 2.2.8
4.3
CVSSv2
CVE-2014-2092
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote malicious users to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure a...
Cmsmadesimple Cms Made Simple 1.11.10
4
CVSSv2
CVE-2017-11404
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple 2.2.2
4
CVSSv2
CVE-2017-11405
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
Cmsmadesimple Cms Made Simple 2.2.2
3.5
CVSSv2
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »