Cms Made Simple@2.2.18 Security Vulnerabilities and Issues — Cms Made Simple@2.2.18 CVE List

Lucene search

CmsmadesimpleCms Made Simple2.2.18

11 matches found

CVE•added 2023/09/25 4:15 p.m.•98 views

CVE-2023-43339

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

6.1CVSS5.8AI score0.00176EPSS

CVE•added 2023/09/28 2:15 p.m.•92 views

CVE-2023-43872

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

5.4CVSS5.8AI score0.00597EPSS

CVE•added 2023/10/20 10:15 p.m.•70 views

CVE-2023-43357

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.

5.4CVSS6.1AI score0.00255EPSS

CVE•added 2023/10/20 10:15 p.m.•61 views

CVE-2023-43356

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.

5.4CVSS6.1AI score0.00255EPSS

CVE•added 2023/10/20 10:15 p.m.•60 views

CVE-2023-43354

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.

5.4CVSS6.1AI score0.00235EPSS

CVE•added 2023/10/20 10:15 p.m.•59 views

CVE-2023-43353

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.

5.4CVSS6.1AI score0.00235EPSS

CVE•added 2023/10/20 10:15 p.m.•59 views

CVE-2023-43355

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

5.4CVSS6.2AI score0.00386EPSS

CVE•added 2023/10/25 6:17 p.m.•56 views

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

5.4CVSS6.1AI score0.00386EPSS

CVE•added 2023/10/26 10:15 p.m.•46 views

CVE-2023-43352

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

7.8CVSS7.7AI score0.00664EPSS

CVE•added 2023/10/23 10:15 p.m.•39 views

CVE-2023-43358

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.

5.4CVSS6.1AI score0.00152EPSS

CVE•added 2023/10/19 10:15 p.m.•29 views

CVE-2023-43359

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.

5.4CVSS6.1AI score0.00112EPSS