Filtered by vendor Cmsmadesimple
Subscribe
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7893 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-03-29 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | |||||
| CVE-2018-7448 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-03-22 | 8.5 HIGH | 7.5 HIGH |
| Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | |||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | |||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | |||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | |||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-16 | 4.6 MEDIUM | 7.8 HIGH |
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | |||||
| CVE-2017-1000453 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | |||||
| CVE-2017-17734 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |||||
| CVE-2017-17735 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |||||
| CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2008-5642 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. | |||||
| CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2017-09-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | |||||
| CVE-2012-6064 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-29 | 3.5 LOW | N/A |
| Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files. | |||||
| CVE-2012-5450 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | |||||
| CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||||
| CVE-2017-6555 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | |||||
| CVE-2017-6556 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | |||||