66 matches found

CVE
added 2018/03/12 3:00 a.m. | 46 views

CVE-2018-7893

CVE-2018-7893: CMS Made Simple (CMSMS) 2.2.6 is affected by a stored XSS in admin/moduleinterface.php via the metadata parameter. The CVSS data (NVD) lists a base score of 3.5 (LOW) under CVSS2 and 4.8 (MEDIUM) under CVSS3, with network attack vector and low impact on confidentiality/availabilit...

CVSS 4.8 | AI score 4.8 | EPSS 0.00559
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/03/12 3:00 a.m. | 56 views

CVE-2018-8058

CMS Made Simple (CMSMS) 2.2.6 contains a cross‑site scripting (XSS) vulnerability in admin/moduleinterface.php via the pagedata parameter. Affected component: CMSMS core web interface; vulnerability type: stored XSS. The CVE and related OpenVAS entry indicate multiple stored XSS vulnerabilities i...

CVSS 4.8 | AI score 4.9 | EPSS 0.00559
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/01/25 4:29 p.m. | 13 views

Design/Logic Flaw

CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1messages parameter...

CVSS 3.5 | AI score 4.9 | EPSS 0.01051
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2018/01/25 4:00 p.m. | 49 views

CVE-2018-5965

CMS Made Simple (CMSMS) 2.2.5 exposes a Cross-Site Scripting (XSS) vulnerability in admin/moduleinterface.php via the m1_errors parameter. The root cause, as stated, is unvalidated input being reflected, enabling script injection in the context of the admin interface. Public references in the con...

CVSS 4.8 | AI score 4.9 | EPSS 0.01264
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2018/01/25 4:00 p.m. | 44 views

CVE-2018-5964

CMS Made Simple (CMSMS) 2.2.5 is reported to have a cross-site scripting (XSS) vulnerability in admin/moduleinterface.php via the m1_messages parameter. All connected sources describe the same issue, with the vulnerability affecting the processing of that parameter in the admin interface. The NVD...

CVSS 4.8 | AI score 4.9 | EPSS 0.01051
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2017/12/18 6:29 a.m. | 19 views

CVE-2017-17735

CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...

CVSS 9.8 | AI score 9.4 | EPSS 0.01086
Exploits: 0 | References: 2

CVE
added 2017/12/18 6:00 a.m. | 56 views

CVE-2017-17735

CMS Made Simple (CMSMS) versions before 2.2.5 have a vulnerability where login information is not properly cached in cookies. Root cause: improper handling of login data in cookies. Impact is described by CVSS as high for confidentiality and integrity, but the connected documents do not spell out...

CVSS 9.8 | AI score 9.2 | EPSS 0.01086
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/12/18 6:00 a.m. | 54 views

CVE-2017-17734

CMS Made Simple (CMSMS) before version 2.2.5 contains a vulnerability where login information is not properly cached in sessions. The issue affects CMSMS 2.2.4 and earlier. Impact is tied to session handling and could affect authentication state. The connected documents confirm the affected produ...

CVSS 9.8 | AI score 9.2 | EPSS 0.01086
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/07/18 12:29 a.m. | 20 views

Design/Logic Flaw

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

CVSS 4 | AI score 4.9 | EPSS 0.00849
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2017/07/18 12:00 a.m. | 56 views

CVE-2017-11405

CMS Made Simple (CMSMS) 2.2.2 is affected by CVE-2017-11405. Remote authenticated administrators can abuse a sequence of actions (CMSContentManager to admin/moduleinterface.php, then a FilePicker action that changes type=image to type=file) to upload a PHP file. The exact vulnerability chain enab...

CVSS 4.9 | AI score 4.8 | EPSS 0.00849
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2017/07/18 12:00 a.m. | 53 views

CVE-2017-11404

CMS Made Simple (CMSMS) 2.2.2 is affected by a vulnerability where remote authenticated administrators can upload a .php file through a FileManager action to admin/moduleinterface.php. The issue is documented across multiple feeds (NVD and others) with an attack surface requiring authentication, ...

CVSS 4.9 | AI score 4.9 | EPSS 0.00849
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2017/05/12 6:54 a.m. | 78 views

CVE-2017-8912

CVE-2017-8912 (CMS Made Simple 2.1.6): A remote code execution vulnerability exists in admin/editusertag.php via the code parameter, enabling arbitrary PHP execution by remote authenticated admins. Root cause is tied to CreateTagFunction/CallUserTag logic. Affected software is CMS Made Simple 2....

CVSS 7.2 | AI score 7.1 | EPSS 0.03111
Exploits: 4 | References: 2 | Affected Software: 1

NVD
added 2017/03/24 3:59 p.m. | 22 views

CVE-2017-7255

XSS exists in the CMS Made Simple CMSMS 2.1.6 "Content--News--Add Article" feature via the m1title parameter. Someone must login to conduct the attack...

CVSS 5.4 | AI score 5.3 | EPSS 0.0052
Exploits: 1 | References: 2

Prion
added 2017/03/24 3:59 p.m. | 23 views

Cross site scripting

XSS exists in the CMS Made Simple CMSMS 2.1.6 "Content--News--Add Article" feature via the m1title parameter. Someone must login to conduct the attack...

CVSS 3.5 | AI score 5.2 | EPSS 0.0052
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2017/03/24 3:00 p.m. | 53 views

CVE-2017-7256

CMS Made Simple (CMSMS) 2.1.6 contains a cross-site scripting (XSS) vulnerability in the Content→News→Add Article flow via the m1_summary parameter. The attack requires an authenticated user (login) to exploit the vulnerability. Affected component is the m1_summary parameter handling within the N...

CVSS 5.4 | AI score 5.4 | EPSS 0.0052
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2017/03/24 3:00 p.m. | 56 views

CVE-2017-7255

CVE-2017-7255 describes a cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6, triggered in the Content→News→Add Article workflow via the m1_title parameter. Affected software is CMSMS; the issue is a reflected/stored XSS caused by unsanitized input in the m1_title field, wi...

CVSS 5.4 | AI score 5.4 | EPSS 0.0052
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2017/03/24 3:00 p.m. | 54 views

CVE-2017-7257

CVE-2017-7257 describes a cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6, specifically in the Content→News→Add Article feature via the m1_content parameter. The description notes that an attacker must be logged in to perform the attack, and the vulnerability affects the...

CVSS 5.4 | AI score 5.4 | EPSS 0.0052
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2017/03/09 9:26 a.m. | 51 views

CVE-2017-6556

CMS Made Simple (CMSMS) 2.1.6 is affected by a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary script/HTML via the adminpage > sitesetting > General Settings > globalmetadata field. The issue stems from inadequate input validation in th...

CVSS 5.4 | AI score 5 | EPSS 0.00607
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2014/03/05 3:00 p.m. | 43 views

CVE-2014-2245

The CVE-2014-2245 entry concerns a SQL injection in the News module of CMS Made Simple (CMSMS). The vulnerability affects CMSMS prior to version 1.11.10 and can be triggered by remote authenticated users who hold the Modify News permission, via the sortby parameter to admin/moduleinterface.php. T...

CVSS 6 | AI score 8.2 | EPSS 0.00977
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2013/12/09 4:00 p.m. | 42 views

CVE-2013-3929

CMS Made Simple (CMSMS) 1.11.9 includes an XSS vulnerability in admin/editevent.php where the handler parameter can be exploited by remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML. The connected sources confirm the affected file and condi...

CVSS 2.1 | AI score 5.4 | EPSS 0.00695
Exploits: 0 | References: 1 | Affected Software: 1