Filtered by vendor Cmsmadesimple
Subscribe
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11513 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-27 | 3.5 LOW | 4.8 MEDIUM |
| The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-24 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2019-9692 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). | |||||
| CVE-2019-10105 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | |||||
| CVE-2019-10107 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | |||||
| CVE-2019-10106 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | |||||
| CVE-2019-9059 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. | |||||
| CVE-2018-1000094 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-19 | 6.5 MEDIUM | 7.2 HIGH |
| CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. | |||||
| CVE-2018-10517 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-15 | 6.5 MEDIUM | 7.2 HIGH |
| In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | |||||
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | |||||
| CVE-2018-19597 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | |||||
| CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2010-3884 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-27 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-2392 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. | |||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | |||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | |||||
| CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | |||||
| CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-15 | 5.0 MEDIUM | N/A |
| CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||||