Lucene search
K

66 matches found

CVE
CVE
added 2013/10/11 10:0 p.m.48 views

CVE-2013-4167

CMS Made Simple (CMSMS) before 1.11.7 contains a Cross-site scripting (XSS) vulnerability (CVE-2013-4167). The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available records confirm the affected product and version range, but do not describe th...

4.3CVSS5.8AI score0.01161EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/12/03 9:0 p.m.55 views

CVE-2012-5450

CMS Made Simple (CMSMS) prior to 1.11.2.1 is affected by a CSRF vulnerability in lib/filemanager/imagemanager/images.php (deld parameter) that allows an authenticated administrator to delete arbitrary files. The issue is documented as CVE-2012-5450 and is linked to a related directory-traversal c...

6.8CVSS7.2AI score0.0087EPSS
Exploits3References7Affected Software1
Prion
Prion
added 2011/09/23 11:55 p.m.21 views

Information disclosure

CMS Made Simple CMSMS 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

5CVSS6.3AI score0.01336EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2011/09/23 11:0 p.m.42 views

CVE-2011-3718

CMS Made Simple (CMSMS) 1.9.2 is affected by CVE-2011-3718. A remote attacker can obtain sensitive information by directly requesting a PHP file (e.g., modules/TinyMCE/TinyMCE.module.php), resulting in an error message that reveals the installation path. The vulnerability is an information-disclo...

5CVSS6.1AI score0.01336EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2011/06/08 10:0 a.m.51 views

CVE-2010-4663

Technical details for CVE-2010-4663 are not publicly available in the provided documents. Monitor for updates from trusted sources.

10CVSS6.7AI score0.01474EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2010/05/12 3:0 p.m.78 views

CVE-2010-1482

CVE-2010-1482 affects CMS Made Simple (CMSMS) prior to version 1.7.1. The vulnerability is a cross-site scripting (XSS) flaw in the backend’s admin/editprefs.php, exploitable via the date_format_string parameter. The issue arises from insufficient escaping of user-supplied input, enabling an atta...

4.3CVSS5.6AI score0.01085EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder