Filtered by vendor Cmsmadesimple
Total: 149 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-22842 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | |||||
CVE-2020-24860 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. | |||||
CVE-2020-10681 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | |||||
CVE-2020-13660 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | |||||
CVE-2020-14926 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | |||||
CVE-2020-10682 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | |||||
CVE-2020-17462 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 7.8 HIGH |
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | |||||
CVE-2019-17629 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | |||||
CVE-2011-4310 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. | |||||
CVE-2019-17630 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | |||||
CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | |||||
CVE-2019-10107 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | |||||
CVE-2019-9055 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. | |||||
CVE-2019-11513 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | |||||
CVE-2019-1010290 | 1 Cmsmadesimple | 1 Bable\ | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. | |||||
CVE-2019-10106 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | |||||
CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||||
CVE-2019-9058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated object injection. | |||||
CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | |||||
CVE-2019-9692 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). |