51 matches found
EUVD-2019-2149
Malware in sbrugna...
EUVD-2018-2113
Malware in sbrugna...
EUVD-2019-2081
Malware in sbrugna...
EUVD-2021-30101
Malicious code in bioql PyPI...
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
CVE-2024-1528
CMS Made Simple 2.2.14 is reported to be vulnerable to Cross-Site Scripting through /admin/moduleinterface.php due to insufficient encoding of user-controlled input in multiple parameters. The issue is exploitable to deliver a crafted JavaScript payload to an authenticated user, with potential se...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-43154
Cross Site Scripting XSS vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-43154
CVE-2021-43154 affects CMS Made Simple 2.2.15, with a cross-site scripting (XSS) flaw in the Name field of the Add Category action in moduleinterface.php. The vulnerability stems from insufficient input sanitization/validation in that field, allowing injected scripts to be stored or reflected. Re...
CVE-2020-22842
CMS Made Simple (CMSMS) before version 2.2.15 is affected by CVE-2020-22842 due to an XSS vulnerability in the ModuleManager local_uninstall action that processes the m1_mod parameter in admin/moduleinterface.php. The underlying issue is insufficient input validation of this parameter, allowing a...
CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...
CVE-2020-14926
CMS Made Simple 2.2.14 is affected by an XSS vulnerability reachable via the Search Term parameter to admin/moduleinterface.php?mact=ModuleManager. The issue stems from inadequate validation of client-side data, per CNVD-2020-60831 and corroborated by multiple feeds. Impact is client-side code ex...
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1files to admin/moduleinterface.php...
CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities
CMS Made Simple is prone to multiple reflected cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
Design/Logic Flaw
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
CVE-2019-10106
CMS Made Simple 2.2.10 exposes a Cross-Site Scripting (XSS) vulnerability in the News module. The issue stems from lack of proper validation in the moduleinterface.php Name field, reachable via Add Category under Site Admin Settings. Multiple sources (NVD, RH, CNVD, CVE list) corroborate an XSS c...
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...
CVE-2019-10017
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker...