51 matches found
Design/Logic Flaw
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker...
CVE-2019-10017
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker...
CVE-2019-10017
CVE-2019-10017 affects CMS Made Simple 2.2.10, where a cross-site scripting (XSS) flaw is triggered via the moduleinterface.php Name field during the File Picker’s "Add a new Profile" flow. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, CVE lists) with consistent description: ...
CVE-2018-10032
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...
Design/Logic Flaw
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...
CVE-2018-10031
CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...
Design/Logic Flaw
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799...
Cross site request forgery (csrf)
CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...
CVE-2018-10029
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799...
CVE-2018-10032
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...
CVE-2018-10031
CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...
CVE-2018-10031
CVE-2018-10031 concerns CMS Made Simple (CMSMS) 2.2.7, where a Cross-Site Request Forgery (CSRF) flaw exists in admin/moduleinterface.php. Multiple connected sources corroborate that this is a CSRF vulnerability specific to CMSMS 2.2.7, with the CVE entry describing a CSRF in the admin interface....
CVE-2018-10029
CMS Made Simple (CMSMS) 2.2.7 is cited as having a Reflected XSS flaw in admin/moduleinterface.php via the m1_name parameter (linked to moduledepends). This CVE-2018-10029 description is explicitly differentiated from CVE-2017-16799. Across connected sources (CNVD, RH Red Hat, CNVD CNVD-2017-3650...
CVE-2018-10032
CMS Made Simple (CMSMS) 2.2.7 contains a Reflected XSS in admin/moduleinterface.php via the m1_version parameter. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE lists) as a reflection vulnerability in CMSMS 2.2.7; details consistently indicate the vulnerable component is...
CVE-2018-10029
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799...
CVE-2018-8058
CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...
CVE-2018-8058
CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...
Code injection
CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...
CVE-2018-8058
CMS Made Simple (CMSMS) 2.2.6 contains a cross‑site scripting (XSS) vulnerability in admin/moduleinterface.php via the pagedata parameter. Affected component: CMSMS core web interface; vulnerability type: stored XSS. The CVE and related OpenVAS entry indicate multiple stored XSS vulnerabilities i...
CVE-2018-8058
CMS Made Simple CMSMS 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter...