66 matches found
CVE-2013-4167
CMS Made Simple (CMSMS) before 1.11.7 contains a Cross-site scripting (XSS) vulnerability (CVE-2013-4167). The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available records confirm the affected product and version range, but do not describe th...
CVE-2012-5450
CMS Made Simple (CMSMS) prior to 1.11.2.1 is affected by a CSRF vulnerability in lib/filemanager/imagemanager/images.php (deld parameter) that allows an authenticated administrator to delete arbitrary files. The issue is documented as CVE-2012-5450 and is linked to a related directory-traversal c...
Information disclosure
CMS Made Simple CMSMS 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...
CVE-2011-3718
CMS Made Simple (CMSMS) 1.9.2 is affected by CVE-2011-3718. A remote attacker can obtain sensitive information by directly requesting a PHP file (e.g., modules/TinyMCE/TinyMCE.module.php), resulting in an error message that reveals the installation path. The vulnerability is an information-disclo...
CVE-2010-4663
Technical details for CVE-2010-4663 are not publicly available in the provided documents. Monitor for updates from trusted sources.
CVE-2010-1482
CVE-2010-1482 affects CMS Made Simple (CMSMS) prior to version 1.7.1. The vulnerability is a cross-site scripting (XSS) flaw in the backend’s admin/editprefs.php, exploitable via the date_format_string parameter. The issue arises from insufficient escaping of user-supplied input, enabling an atta...