Cms Made Simple@2.2.15 Security Vulnerabilities and Issues — Cms Made Simple@2.2.15 CVE List

Lucene search

CmsmadesimpleCms Made Simple2.2.15

4 matches found

CVE•added 2022/02/28 11:15 p.m.•109 views

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

7.2CVSS7.1AI score0.06427EPSS

CVE•added 2021/03/30 12:16 p.m.•90 views

CVE-2021-28935

CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.

5.4CVSS5.1AI score0.0023EPSS

CVE•added 2022/02/28 11:15 p.m.•74 views

CVE-2022-23907

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

6.1CVSS6.1AI score0.00489EPSS

CVE•added 2022/04/13 11:15 p.m.•47 views

CVE-2021-43154

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

6.1CVSS5.9AI score0.00228EPSS