Lucene search

K
CmsmadesimpleCms Made Simple2.2.14

20 matches found

CVE
CVE
added 2021/07/26 9:15 p.m.73 views

CVE-2020-23241

Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.

4.8CVSS4.9AI score0.00507EPSS
CVE
CVE
added 2024/03/12 4:15 p.m.69 views

CVE-2024-1527

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

9.8CVSS9.6AI score0.00042EPSS
CVE
CVE
added 2024/03/12 4:15 p.m.59 views

CVE-2024-1529

Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payl...

7.4CVSS6.6AI score0.00059EPSS
CVE
CVE
added 2024/03/12 4:15 p.m.58 views

CVE-2024-1528

CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...

7.4CVSS6.6AI score0.00059EPSS
CVE
CVE
added 2021/07/26 9:15 p.m.55 views

CVE-2020-23240

Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

4.8CVSS5.1AI score0.00507EPSS
CVE
CVE
added 2020/10/01 2:15 p.m.55 views

CVE-2020-24860

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

5.4CVSS5.1AI score0.00634EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.54 views

CVE-2020-36414

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.

5.4CVSS5.2AI score0.00322EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.51 views

CVE-2020-36408

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.

5.4CVSS5.2AI score0.00305EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.49 views

CVE-2020-36412

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.49 views

CVE-2020-36415

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.46 views

CVE-2020-36410

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.45 views

CVE-2020-36409

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.45 views

CVE-2020-36411

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" modul...

5.4CVSS5.3AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.45 views

CVE-2020-36416

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/07/02 6:15 p.m.42 views

CVE-2020-36413

A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.

5.4CVSS5.2AI score0.00275EPSS
CVE
CVE
added 2021/06/01 3:15 p.m.35 views

CVE-2020-27377

A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.

4.8CVSS5AI score0.0031EPSS
CVE
CVE
added 2020/06/19 5:15 p.m.30 views

CVE-2020-14926

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.

5.4CVSS5.1AI score0.00302EPSS
CVE
CVE
added 2020/08/14 3:15 p.m.30 views

CVE-2020-17462

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.

7.8CVSS5.4AI score0.00437EPSS
CVE
CVE
added 2021/09/22 8:15 p.m.30 views

CVE-2020-23481

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

5.4CVSS5.3AI score0.00467EPSS
CVE
CVE
added 2021/08/05 5:15 p.m.28 views

CVE-2020-22732

CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..

4.8CVSS4.8AI score0.00533EPSS