Cmsmadesimple Cms Made Simple

20 matches found

CVE | added 2023/09/25 4:15 p.m. | 98 views

CVE-2023-43339

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

CVSS 6.1 | AI score 5.8 | EPSS 0.00176

CVE | added 2022/02/28 11:15 p.m. | 74 views

CVE-2022-23907

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

CVSS 6.1 | AI score 6.1 | EPSS 0.00489

CVE | added 2019/03/11 6:29 p.m. | 66 views

CVE-2019-9692

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).

CVSS 6.5 | AI score 6.6 | EPSS 0.57271

CVE | added 2007/09/24 10:17 p.m. | 62 views

CVE-2007-5056

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

CVSS 6.8 | AI score 7.8 | EPSS 0.70254

CVE | added 2022/04/13 11:15 p.m. | 47 views

CVE-2021-43154

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

CVSS 6.1 | AI score 5.9 | EPSS 0.00228

CVE | added 2017/11/10 11:29 p.m. | 44 views

CVE-2017-16784

In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024

CVE | added 2018/04/27 6:29 p.m. | 41 views

CVE-2018-10516

In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.

CVSS 6.5 | AI score 6.2 | EPSS 0.00428

CVE | added 2010/10/08 9:0 p.m. | 40 views

CVE-2010-3884

Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from ...

CVSS 6.8 | AI score 7.1 | EPSS 0.00079

CVE | added 2020/12/17 11:15 p.m. | 40 views

CVE-2020-20138

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

CVSS 6.1 | AI score 6 | EPSS 0.00328

CVE | added 2017/06/18 9:29 p.m. | 39 views

CVE-2017-9668

In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.

CVSS 6.1 | AI score 5.9 | EPSS 0.00223

CVE | added 2012/12/03 9:55 p.m. | 38 views

CVE-2012-5450

Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.

CVSS 6.8 | AI score 7.2 | EPSS 0.00275

CVE | added 2007/01/31 1:28 a.m. | 37 views

CVE-2007-0610

Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 6.8 | AI score 5.6 | EPSS 0.00505

CVE | added 2010/10/08 9:0 p.m. | 37 views

CVE-2010-3883

Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications.

CVSS 6.8 | AI score 7.4 | EPSS 0.00087

CVE | added 2018/10/12 7:29 p.m. | 37 views

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

CVSS 6.1 | AI score 6 | EPSS 0.0024

CVE | added 2018/10/12 7:29 p.m. | 36 views

CVE-2018-18271

XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.

CVSS 6.1 | AI score 6 | EPSS 0.0024

CVE | added 2007/01/03 2:0 a.m. | 35 views

CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.

CVSS 6.8 | AI score 5.9 | EPSS 0.00653

CVE | added 2007/01/03 2:0 a.m. | 35 views

CVE-2006-6845

Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

CVSS 6.8 | AI score 5.9 | EPSS 0.00464

CVE | added 2014/03/05 4:37 p.m. | 33 views

CVE-2014-2245

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third p...

CVSS 6 | AI score 8.2 | EPSS 0.00316

CVE | added 2007/10/14 6:17 p.m. | 29 views

CVE-2007-5441

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adm...

CVSS 6.5 | AI score 6.3 | EPSS 0.00377

CVE | added 2018/12/25 11:29 p.m. | 28 views

CVE-2018-20464

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024