Filtered by vendor Cmsmadesimple
Filtered by product Cms Made Simple
Total 147 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-10518 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
CVE-2010-3882 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.
CVE-2017-1000454 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
CVE-2018-10033 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
CVE-2018-18270 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action.
CVE-2010-3884 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2018-10515 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
CVE-2017-17734 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVE-2018-10086 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
CVE-2018-10081 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
CVE-2018-10032 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVE-2017-11404 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVE-2018-10520 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
CVE-2018-10084 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
CVE-2018-10029 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
CVE-2017-17735 1 Cmsmadesimple 1 Cms Made Simple 2024-09-16 N/A
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVE-2023-43359 1 Cmsmadesimple 1 Cms Made Simple 2024-09-12 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVE-2023-43358 1 Cmsmadesimple 1 Cms Made Simple 2024-09-12 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVE-2023-43353 1 Cmsmadesimple 1 Cms Made Simple 2024-09-12 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVE-2023-43354 1 Cmsmadesimple 1 Cms Made Simple 2024-09-12 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.