EUVD-2018-2113

Malware in sbrugna...

CVE-2020-22842

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

CVE-2020-22842

CMS Made Simple (CMSMS) before version 2.2.15 is affected by CVE-2020-22842 due to an XSS vulnerability in the ModuleManager local_uninstall action that processes the m1_mod parameter in admin/moduleinterface.php. The underlying issue is insufficient input validation of this parameter, allowing a...

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...

Design/Logic Flaw

CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...

CVE-2018-10029

CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799...

CVE-2018-10029

CMS Made Simple (CMSMS) 2.2.7 is cited as having a Reflected XSS flaw in admin/moduleinterface.php via the m1_name parameter (linked to moduledepends). This CVE-2018-10029 description is explicitly differentiated from CVE-2017-16799. Across connected sources (CNVD, RH Red Hat, CNVD CNVD-2017-3650...

CVE-2018-10032

CMS Made Simple (CMSMS) 2.2.7 contains a Reflected XSS in admin/moduleinterface.php via the m1_version parameter. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE lists) as a reflection vulnerability in CMSMS 2.2.7; details consistently indicate the vulnerable component is...

CVE-2018-8058

CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...

Code injection

CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...

CVE-2018-8058

CMS Made Simple (CMSMS) 2.2.6 contains a cross‑site scripting (XSS) vulnerability in admin/moduleinterface.php via the pagedata parameter. Affected component: CMSMS core web interface; vulnerability type: stored XSS. The CVE and related OpenVAS entry indicate multiple stored XSS vulnerabilities i...

CVE-2018-5964

CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1messages parameter...

CVE-2018-5965

CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1errors parameter...

Design/Logic Flaw

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...