Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-36410
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the &qu...
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2020-36411
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" paramete...
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2020-36416
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2020-27377
A cross-site scripting (XSS) vulnerability exists in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an malicious user to execute arbitrary web scripts.
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
Cmsmadesimple Cms Made Simple 2.2.15
383
VMScore
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
Cmsmadesimple Cms Made Simple 2.2.4
312
VMScore
CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2020-22842
CMS Made Simple prior to 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple
578
VMScore
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple 2.2.14
312
VMScore
CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
Cmsmadesimple Cms Made Simple 2.2.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »