4 matches found
Design/Logic Flaw
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882...
CVE-2017-16799
CMS Made Simple is affected by CVE-2017-16799: a stored XSS in the New category flow. The vulnerability is in CMSMS 2.2.3.1, specifically via the m1_name parameter passed to admin/moduleinterface.php during category creation (module/action.addcategory.php). The issue enables injection of script/H...
CVE-2017-16799
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882...
CVE-2010-3882
CMS Made Simple 1.7.1 and earlier are affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script or HTML via inputs to modules including Add Pages, Add Global Content, Edit Global Content, Add Article, Add Category, Add Field Definition, or Add Shortcut. The c...