Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmsmadesimple vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-9056
An issue exists in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
Cmsmadesimple Cms Made Simple 2.2.8
7.2
CVSSv3
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not ...
Cmsmadesimple Cms Made Simple 2.1.6
1 EDB exploit
4.8
CVSSv3
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
Cmsmadesimple Cms Made Simple 2.2.11
5.4
CVSSv3
CVE-2020-36408
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
Cmsmadesimple Cms Made Simple 2.2.14
5.4
CVSSv3
CVE-2020-36415
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.
Cmsmadesimple Cms Made Simple 2.2.14
NA
CVE-2007-5441
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin lo...
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2007-5442
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2007-5443
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
Cmsmadesimple Cms Made Simple 1.1.3.1
NA
CVE-2007-5444
CMS Made Simple 1.1.3.1 allows remote malicious users to obtain the full path via a direct request for unspecified files.
Cmsmadesimple Cms Made Simple 1.1.3.1
5.4
CVSSv3
CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
Cmsmadesimple Cms Made Simple 2.2.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »