51 matches found
CVE-2018-7893
CVE-2018-7893: CMS Made Simple (CMSMS) 2.2.6 is affected by a stored XSS in admin/moduleinterface.php via the metadata parameter. The CVSS data (NVD) lists a base score of 3.5 (LOW) under CVSS2 and 4.8 (MEDIUM) under CVSS3, with network attack vector and low impact on confidentiality/availabilit...
Design/Logic Flaw
CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1messages parameter...
CVE-2018-5965
CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1errors parameter...
CVE-2018-5964
CMS Made Simple CMSMS 2.2.5 has XSS in admin/moduleinterface.php via the m1messages parameter...
CVE-2017-16799
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882...
Design/Logic Flaw
In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
Design/Logic Flaw
In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...
CVE-2017-11404
In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...
CVE-2017-11405
CMS Made Simple (CMSMS) 2.2.2 is affected by CVE-2017-11405. Remote authenticated administrators can abuse a sequence of actions (CMSContentManager to admin/moduleinterface.php, then a FilePicker action that changes type=image to type=file) to upload a PHP file. The exact vulnerability chain enab...