EUVD-2020-7062

Malware in sbrugna...

CVE-2020-22842

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

Malicious Module can change the policy commit of a Gnosis Safe console Account

Lines of code Vulnerability details Impact The overall design of the Gnosis safe allows for the addition of a Module, modules are smart contracts that extend the ability of the Gnosis safe, which means that a module can be setup in such a way that it can perform actions that is meant to improve t...

Upgraded Q -> 2 from #157 [1676219053268]

Judge has assessed an item in Issue 157 as 2 risk. The relevant finding follows: L-08 No Storage Gap for BaseSmartAccount and ModuleManager --- The text was updated successfully, but these errors were encountered: All reactions...

CVE-2020-22842

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

Cross site scripting

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

CVE-2020-22842

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

CVE-2020-22842

CMS Made Simple (CMSMS) before version 2.2.15 is affected by CVE-2020-22842 due to an XSS vulnerability in the ModuleManager local_uninstall action that processes the m1_mod parameter in admin/moduleinterface.php. The underlying issue is insufficient input validation of this parameter, allowing a...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2020-64604)

CMS Made Simple CMSMS is an open source content management system CMS from the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made...

CVE-2020-14926

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page...

Cross site scripting

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page...

CVE-2019-9061

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...

Design/Logic Flaw

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...

CVE-2019-9061

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...

CVE-2011-4670

Multiple cross-site scripting XSS vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 viewname parameter in a CalendarAjax action, 2 activitymode parameter in a DetailView action, 3 contactid and 4 parentid parameters in an...