Lucene search
+L
CmsmadesimpleCms Made Simple

154 matches found

CVE
CVE
added 2019/03/26 4:15 p.m.480 views

CVE-2019-9053

CMS Made Simple 2.2.8 is affected by CVE-2019-9053 via the News module, allowing unauthenticated time-based blind SQL injection through the m1_idlist parameter. Public writeups and exploits in Connected documents indicate this vulnerability is exploitable to extract database information, and fixe...

8.1CVSS8.2AI score0.55958EPSS
CVE
CVE
added 2019/03/26 4:25 p.m.252 views

CVE-2019-9055

CMS Made Simple 2.2.8 contains a vulnerability in the DesignManager module (action.admin_bulk_css.php and action.admin_bulk_template.php) where an unserialize call on m1_allparms can be triggered by an unprivileged user with Designer permission to achieve object injection, enabling authenticated ...

8.8CVSS8.7AI score0.12281EPSS
Web
CVE
CVE
added 2022/02/28 10:55 p.m.122 views

CVE-2022-23906

CMS Made Simple 2.2.15 is reported to have a Remote Command Execution (RCE) vulnerability in the avatar upload function, exploitable via a crafted image file. The issue is documented across multiple sources (NVD, Red Hat, CVE lists) with CVSS vectors indicating high impact (C/H/I/H/A/H; CVSS3.1: ...

7.2CVSS7.1AI score0.02087EPSS
CVE
CVE
added 2023/09/25 12:0 a.m.118 views

CVE-2023-43339

CMS Made Simple 2.2.18 is affected by a Cross-Site Scripting (XSS) vulnerability that allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, Database User, or Database Port components. The issue is described across multiple sources (NVD, Red Hat, ...

6.1CVSS5.8AI score0.00645EPSS
CVE
CVE
added 2023/09/28 12:0 a.m.115 views

CVE-2023-43872

CMS Made Simple 2.2.18 is affected by a file-upload vulnerability that lets a local attacker upload a PDF containing hidden XSS. Root cause: lack of validation of uploaded files. Impact indicators in the source describe cross-site scripting with low privileges and user interaction required, thoug...

5.4CVSS5.8AI score0.00546EPSS
CVE
CVE
added 2021/03/30 12:0 p.m.113 views

CVE-2021-28935

CMS Made Simple (CMSMS) 2.2.15 is affected by an authenticated cross‑site scripting (XSS) vulnerability in /admin/addbookmark.php via Site Admin > My Preferences > Title field. The issue allows an authenticated user to inject scripts, with CVSS:3.1 base score 5.4 (MEDIUM) and CVSS2 base sco...

5.4CVSS5.1AI score0.01574EPSS
Web
CVE
CVE
added 2020/03/20 3:39 a.m.104 views

CVE-2020-10681

Summary: CVE-2020-10681 affects CMS Made Simple 2.2.13, specifically the Filemanager component, which is vulnerable to stored XSS via a .pxd file, demonstrated via m1_files[] to admin/moduleinterface.php. What’s affected: CMS Made Simple Filemanager in version 2.2.13. Root cause / vector (as stat...

5.4CVSS5.6AI score0.00623EPSS
Web
CVE
CVE
added 2024/03/05 12:0 a.m.103 views

CVE-2024-27623

CMS Made Simple 2.2.19 is affected by CVE-2024-27623, a Server-Side Template Injection in the Design Manager component, specifically when editing Breadcrumbs. Red Hat’s entry confirms the vulnerability in CMSMS 2.2.19 and does not provide an official remediation in the cited materials. The availa...

5.9CVSS9.4AI score0.01997EPSS
CVE
CVE
added 2020/05/28 6:53 p.m.99 views

CVE-2020-13660

CVE-2020-13660 concerns CMS Made Simple up to version 2.2.14, where an XSS vulnerability exists in the File Picker profile name. The connected sources consistently describe a cross-site scripting issue stemming from insufficient input/validation handling in the web application, enabling crafted p...

4.8CVSS4.8AI score0.00685EPSS
CVE
CVE
added 2019/10/06 5:4 p.m.98 views

CVE-2019-17226

Summary: CVE-2019-17226 affects CMS Made Simple (CMSMS) 2.2.11, enabling cross-site scripting via the Site Admin > Module Manager > Search Term field. The vulnerability is evidenced in multiple sources (NVD entry mirrors the description). Some open-source scanner data (OpenVAS) indicates a ...

4.8CVSS4.8AI score0.00585EPSS
CVE
CVE
added 2023/07/06 12:0 a.m.98 views

CVE-2023-36969

CMS Made Simple v2.2.17 (and affected

8.8CVSS8.8AI score0.49317EPSS
CVE
CVE
added 2020/03/20 3:39 a.m.96 views

CVE-2020-10682

CMS Made Simple Filemanager in version 2.2.13 is vulnerable to remote code execution via a crafted .php.jpegd JPEG file. An attacker can deliver PHP code by uploading a file (sent as application/octet-stream) and triggering it through admin/moduleinterface.php (e.g., using m1_files[]) to execute ...

7.8CVSS7.9AI score0.01915EPSS
Web
CVE
CVE
added 2022/02/28 10:55 p.m.88 views

CVE-2022-23907

CMS Made Simple v2.2.15 is affected by a reflected XSS via the m1_fmmessage parameter. The vulnerability is documented across multiple sources (e.g., CVE-2022-23907) and is described as a reflected XSS that could cause client-side JavaScript execution. The linked Red Hat/CVE info corroborates the...

6.1CVSS6.1AI score0.00632EPSS
CVE
CVE
added 2025/05/25 5:31 p.m.88 views

CVE-2025-5153

CMS Made Simple 2.2.21 is affected by a cross-site scripting vulnerability in the Design Manager Module, caused by improper handling of the Description argument. Exploitation is possible remotely and details have been disclosed publicly. No patch/version fix is provided in the documents; several ...

5.1CVSS3.7AI score0.00289EPSS
CVE
CVE
added 2021/07/26 8:12 p.m.87 views

CVE-2020-23241

CMS Made Simple 2.2.14 is affected by a Cross-Site Scripting (XSS) vulnerability in the “Extra” via the News > Article feature. The issue is documented across multiple sources, indicating the vulnerable component is the News > Article path in the CMS Made Simple 2.2.14 implementation, with ...

4.8CVSS4.9AI score0.00473EPSS
CVE
CVE
added 2018/02/26 5:0 p.m.84 views

CVE-2018-7448

Summary: CVE-2018-7448 affects CMS Made Simple 2.1.6. During a fresh installation, an attacker can inject arbitrary PHP code via the “timezone” parameter in step 4, causing code to be written to the configuration file (config.php) and enabling OS command execution through a backdoor. These detail...

8.5CVSS7.8AI score0.12994EPSS
Web
CVE
CVE
added 2019/03/11 6:0 p.m.84 views

CVE-2019-9692

CMS Made Simple Showtime2 contains a vulnerability in class.showtime2_image.php where a watermark image file is not validated for a standard extension (GIF/JPG/JPEG/PNG). This enables an authenticated attacker with Showtime2 privileges to upload crafted files, potentially leading to remote comman...

6.5CVSS6.6AI score0.45896EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.83 views

CVE-2023-43357

CMS Made Simple 2.2.18 is affected by a Cross Site Scripting vulnerability in the Manage Shortcuts Title parameter. The flaw allows a local attacker to execute arbitrary code via a crafted script. Root cause: insufficient input validation in the Title field of the Manage Shortcuts component. Impa...

5.4CVSS6.1AI score0.00461EPSS
CVE
CVE
added 2010/05/12 3:0 p.m.82 views

CVE-2010-1482

CVE-2010-1482 affects CMS Made Simple (CMSMS) prior to version 1.7.1. The vulnerability is a cross-site scripting (XSS) flaw in the backend’s admin/editprefs.php, exploitable via the date_format_string parameter. The issue arises from insufficient escaping of user-supplied input, enabling an atta...

4.3CVSS5.6AI score0.01085EPSS
Web
CVE
CVE
added 2017/05/12 6:54 a.m.81 views

CVE-2017-8912

CVE-2017-8912 (CMS Made Simple 2.1.6) : A remote code execution vulnerability exists in admin/editusertag.php via the code parameter, enabling arbitrary PHP execution by remote authenticated admins. Root cause is tied to CreateTagFunction/CallUserTag logic. Affected software is CMS Made Simple 2....

7.2CVSS7.1AI score0.03111EPSS
Web
CVE
CVE
added 2024/03/12 3:19 p.m.81 views

CVE-2024-1527

CMS Made Simple 2.2.14 has an Unrestricted File Upload vulnerability (CVE-2024-1527). An authenticated user can bypass upload protections and potentially upload a webshell to achieve remote command execution. Multiple sources (NVD entry) describe the impact as high to critical with high confident...

9.8CVSS9.6AI score0.00921EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.80 views

CVE-2023-43353

CMS Made Simple 2.2.18 is affected by a Cross-Site Scripting vulnerability in the News menu component’s extra parameter that can lead to arbitrary code execution. The issue is documented across multiple sources with PoC availability and a low-to-moderate CVSS (NVD base 5.4; AV:N/AC:L/PR:L/UI:R/S:...

5.4CVSS6.1AI score0.00473EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.80 views

CVE-2023-43354

CMS Made Simple 2.2.18 contains a Cross-Site Scripting vulnerability in the MicroTiny WYSIWYG editor’s Profiles parameter, allowing a local attacker to execute arbitrary code via a crafted script. The issue is documented across multiple sources (e.g., RH/CVE and NVD) with the same description. Th...

5.4CVSS6.1AI score0.00461EPSS
CVE
CVE
added 2017/11/10 11:0 p.m.79 views

CVE-2017-16783

CMS Made Simple 2.1.6 is affected by CVE-2017-16783: a Server-Side Template Injection issue exploited via the cntnt01detailtemplate parameter. Public references (NVD and exploit databases) describe a high-severity vulnerability with authenticated-free, network-exposed exploitation and impact to c...

9.8CVSS9.6AI score0.07969EPSS
CVE
CVE
added 2018/03/13 1:0 a.m.79 views

CVE-2018-1000094

CVE-2018-1000094 affects CMS Made Simple 2.2.5. The vulnerability is a remote code execution via the File Manager, exploitable by an authenticated administrator who can upload a file and copy/rename it to a PHP extension, enabling execution of arbitrary code on the server (e.g., via a PHP shell)....

7.2CVSS7.2AI score0.40548EPSS
CVE
CVE
added 2007/09/24 10:0 p.m.78 views

CVE-2007-5056

CVE-2007-5056 is an eval injection in adodb-perf-module.inc.php of ADOdb Lite

6.8CVSS7.8AI score0.27871EPSS
CVE
CVE
added 2022/06/09 12:0 a.m.78 views

CVE-2021-40961

CVE-2021-40961 affects CMS Made Simple

8.8CVSS9AI score0.01674EPSS
Web
CVE
CVE
added 2024/03/12 3:25 p.m.77 views

CVE-2024-1529

CMS Made Simple 2.2.14 is affected by a Cross-Site Scripting (XSS) vulnerability in the /admin/adduser.php endpoint due to insufficient encoding of user-controlled input across multiple parameters. The issue could allow a remote attacker to deliver a crafted JavaScript payload to an authenticated...

7.4CVSS6.6AI score0.00436EPSS
Web
CVE
CVE
added 2018/04/27 6:0 p.m.76 views

CVE-2018-10517

CVE-2018-10517 concerns CMS Made Simple (CMSMS) up to version 2.2.7. The vulnerability lies in the admin dashboard’s “module import” operation, where an XML Package can include a data element with base64-encoded PHP code, enabling a remote code execution when exploited by an authenticated adminis...

7.2CVSS7.5AI score0.12178EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.76 views

CVE-2023-43356

CVE-2023-43356 concerns CMS Made Simple (CMSMS) v2.2.18 with a stored Cross Site Scripting (XSS) flaw in the Global Settings Menu component, via the Global Meatadata parameter. The attack vector is local to an authenticated user view where crafted input is injected, enabling arbitrary code execut...

5.4CVSS6.1AI score0.00461EPSS
CVE
CVE
added 2021/07/26 8:6 p.m.75 views

CVE-2020-23240

CMS Made Simple 2.2.14 is vulnerable to Cross-Site Scripting via the Logic field in the Content Manager (XSS). The issue is documented across NVD/CVE records and mirrored by Red Hat and CNVD entries. The OpenVAS entry notes a WillNotFix remediation in its data; no patch/version fix is provided in...

4.8CVSS5.1AI score0.00473EPSS
CVE
CVE
added 2019/11/26 10:57 p.m.74 views

CVE-2011-4310

CVE-2011-4310 corresponds to a vulnerability in the News module of CMS Made Simple (CMSMS) prior to version 1.9.4.3. The issue allows remote attackers to corrupt newly written articles. Affected products: CMSMS, with the News module as the vulnerable component; vulnerable scope is versions earlie...

7.5CVSS7.5AI score0.01061EPSS
CVE
CVE
added 2021/07/02 5:51 p.m.74 views

CVE-2020-36414

CMS Made Simple is affected by a stored XSS in version 2.2.14 via crafted payloads entered in the Add Article feature (URL slug or Extra fields). The vulnerability requires authentication and could allow executing arbitrary scripts/HTML in the victim’s browser. Publicly documented fixes point to ...

5.4CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2024/03/05 12:0 a.m.73 views

CVE-2024-27622

CMS Made Simple v2.2.19/v2.2.21 contains a remote code execution (RCE) flaw in the User Defined Tags module. The vulnerability arises from inadequate sanitization of user-supplied input in the module’s Code section, allowing authenticated users with administrative privileges to inject and execute...

7.2CVSS9.7AI score0.01997EPSS
CVE
CVE
added 2023/10/24 12:0 a.m.72 views

CVE-2023-43360

CMS Made Simple 2.2.18 is affected by a Cross-Site Scripting vulnerability in the File Picker Menu’s Top Directory parameter. A local attacker can inject crafted scripts to gain arbitrary code execution within the CMS. Root cause: improper handling of user-supplied input in the Top Directory fiel...

5.4CVSS6.1AI score0.00544EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.71 views

CVE-2023-43355

CMS Made Simple 2.2.18 has a stored XSS flaw exposed via the My Preferences – Add user component that lets a local attacker craft a script through the password and password again parameters to execute arbitrary code. Public sources (e.g., Red Hat, CNNVD, OpenVAS writeups) confirm the vulnerabilit...

5.4CVSS6.2AI score0.00485EPSS
CVE
CVE
added 2024/03/12 3:22 p.m.71 views

CVE-2024-1528

CMS Made Simple 2.2.14 is reported to be vulnerable to Cross-Site Scripting through /admin/moduleinterface.php due to insufficient encoding of user-controlled input in multiple parameters. The issue is exploitable to deliver a crafted JavaScript payload to an authenticated user, with potential se...

7.4CVSS6.6AI score0.00436EPSS
CVE
CVE
added 2008/01/04 11:0 a.m.70 views

CVE-2007-6656

The CVE-2007-6656 entry describes an SQL injection in CMS Made Simple's TinyMCE module, specifically in content_css.php, affecting CMS Made Simple 1.2.2 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the templateid parameter. The provided sources conf...

7.5CVSS8.4AI score0.01229EPSS
CVE
CVE
added 2016/05/26 2:0 p.m.70 views

CVE-2016-2784

CMS Made Simple is vulnerable to a cache-poisoning/XSS issue when Smarty Cache is active. A remote attacker can craft the Host header to poison the web server cache and modify links, potentially enabling XSS. Affected are CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2. Exploitation has be...

4.7CVSS4.5AI score0.02451EPSS
Web
CVE
CVE
added 2020/10/01 1:55 p.m.68 views

CVE-2020-24860

CVE-2020-24860 affects CMS Made Simple 2.2.14. An authenticated user with access to the Content Manager can edit content and inject a persistent XSS payload into affected text fields, potentially obtaining cookies from every authenticated visitor. The available connected documents confirm the vul...

5.4CVSS5.1AI score0.01087EPSS
CVE
CVE
added 2021/07/02 5:51 p.m.68 views

CVE-2020-36410

CMS Made Simple 2.2.14 contains a stored XSS vulnerability in the Options module. An authenticated attacker can submit a crafted payload to the "Email address to receive notification of news submission" parameter, leading to execution of arbitrary web scripts/HTML. Multiple connected sources corr...

5.4CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2021/07/02 5:51 p.m.68 views

CVE-2020-36415

CMS Made Simple 2.2.14 is affected by a stored XSS in the Stylesheets module (Create a new Stylesheet field). Authenticated users can inject arbitrary web scripts through this parameter, potentially impacting data integrity and user sessions. No remediation details are provided in the supplied do...

5.4CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2014/03/02 5:0 p.m.66 views

CVE-2014-0334

CMS Made Simple (1.11.x) has multiple XSS vulnerabilities (CVE-2014-0334) exploitable via many admin parameters (admin/addgroup.php, admin/addhtmlblob.php, admin/addbookmark.php, admin/copystylesheet.php, admin/copytemplate.php, admin/editbookmark.php, admin/listtemplates.php, admin/listcss.php, ...

3.5CVSS5.3AI score0.0152EPSS
Web
CVE
CVE
added 2017/06/18 9:0 p.m.66 views

CVE-2017-9668

CMS Made Simple

6.1CVSS5.9AI score0.00602EPSS
CVE
CVE
added 2019/06/05 5:56 p.m.66 views

CVE-2019-11226

CVE-2019-11226 : CMS Made Simple 2.2.10 contains a cross-site scripting (XSS) vulnerability reachable via the m1_name parameter in the Add Article workflow under Content → Content Manager → News. Several sources describe this as an XSS issue (some references note authenticated, persistent XSS beh...

5.4CVSS5.2AI score0.00917EPSS
CVE
CVE
added 2021/07/02 5:51 p.m.66 views

CVE-2020-36408

CMS Made Simple 2.2.14 is affected by a stored XSS via the Add Shortcut field in the Manage Shortcuts module. Exploitation requires authentication, enabling attackers to inject and execute arbitrary web scripts or HTML in the context of the affected site. Affected product/version: CMS Made Simple...

5.4CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2021/07/02 5:51 p.m.66 views

CVE-2020-36412

CVE-2020-36412 affects CMS Made Simple 2.2.14. The vulnerability is a stored XSS in the Admin/Search module, exploitable by submitting a crafted payload into the Search Text field. The issue is reported as an authenticated vulnerability where an attacker with access to the CMS backend can execute...

5.4CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2023/10/26 12:0 a.m.65 views

CVE-2023-43352

CMS Made Simple vulnerability CVE-2023-43352 affects v2.2.18, where a local attacker can trigger arbitrary code execution via a crafted payload in the Content Manager Menu component. The issue is described consistently across multiple sources as a local, post-authentication or local-privilege?—ba...

7.8CVSS7.7AI score0.00527EPSS
CVE
CVE
added 2024/03/05 12:0 a.m.64 views

CVE-2024-27625

CVE-2024-27625 affects CMS Made Simple version 2.2.19 and specifically targets the File Manager module in the admin panel. The root cause is inadequate sanitization of user input in the "New directory" field, enabling cross-site scripting (XSS). The vulnerability is documented across multiple sou...

4.8CVSS9AI score0.00411EPSS
CVE
CVE
added 2018/01/02 5:0 p.m.63 views

CVE-2017-1000454

CVE-2017-1000454 affects CMS Made Simple versions 2.1.6, 2.2, and 2.2.1. Affected component: Smarty Template Injection in some core components. Impact: local file read prior to 2.2 and local file inclusion since 2.2.1. Documentation from multiple sources confirms vulnerability details; explicit r...

7.8CVSS7.5AI score0.00785EPSS
Total number of security vulnerabilities154