Lucene search

Cmsmadesimple / Cms Made Simple

8 matches found

CVE
added 2020/03/20 4:15 a.m., 92 views

CVE-2020-10681

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.

CVSS 5.4 | AI score 5.6 | EPSS 0.00415

CVE
added 2020/05/28 7:15 p.m., 88 views

CVE-2020-13660

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

CVSS 4.8 | AI score 4.8 | EPSS 0.0031

CVE
added 2020/03/20 4:15 a.m., 82 views

CVE-2020-10682

The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).

CVSS 7.8 | AI score 7.9 | EPSS 0.01856

CVE
added 2020/10/01 2:15 p.m., 55 views

CVE-2020-24860

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.

CVSS 5.4 | AI score 5.1 | EPSS 0.00634

CVE
added 2020/12/17 11:15 p.m., 40 views

CVE-2020-20138

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

CVSS 6.1 | AI score 6 | EPSS 0.00328

CVE
added 2020/06/19 5:15 p.m., 30 views

CVE-2020-14926

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.

CVSS 5.4 | AI score 5.1 | EPSS 0.00302

CVE
added 2020/08/14 3:15 p.m., 30 views

CVE-2020-17462

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.

CVSS 7.8 | AI score 5.4 | EPSS 0.00437

CVE
added 2020/09/30 6:15 p.m., 27 views

CVE-2020-22842

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.

CVSS 5.4 | AI score 5.2 | EPSS 0.00374