Latest cmsmadesimple cms made simple Vulnerabilities

CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43353
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43357
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu compon...
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43354
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG edito...
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43355
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences ...
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Cont...
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Po...
Cmsmadesimple Cmsmadesimple=2.2.18
Cmsmadesimple Cms Made Simple=2.2.18
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
Cmsmadesimple Cms Made Simple=2.2.17
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Cmsmadesimple Cms Made Simple=2.2.17
CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Cmsmadesimple Cms Made Simple<=2.2.15
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Cmsmadesimple Cms Made Simple<=2.2.15
CVE-2021-40961
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL lang...
Cmsmadesimple Cms Made Simple<=2.2.15
CVE-2021-43154
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Cmsmadesimple Cms Made Simple=2.2.15
CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple=2.2.15
CVE-2020-23481
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definitio...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2019-9060
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename p...
Cmsmadesimple Cms Made Simple=2.2.8
CVE-2020-22732
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-23240
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-23241
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36416
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Desi...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36414
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "E...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36408
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" par...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36410
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to ...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36411
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {pag...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36409
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" par...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36412
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" fiel...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36413
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP ...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-36415
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Styl...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-27377
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
Cmsmadesimple Cms Made Simple=2.2.15
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
Cmsmadesimple Cms Made Simple=2.2.4
CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every a...
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple<2.2.15
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
Cmsmadesimple Cms Made Simple=2.2.14
CVE-2020-13660
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
Cmsmadesimple Cms Made Simple<=2.2.14
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/oc...
Cmsmadesimple Cms Made Simple=2.2.13
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
Cmsmadesimple Cms Made Simple=2.2.13
CVE-2011-4310
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
Cmsmadesimple Cms Made Simple<1.9.4.3
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
Cmsmadesimple Cms Made Simple=2.2.11
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
Cmsmadesimple Cms Made Simple=2.2.11
CVE-2019-17226
Cmsmadesimple Cms Made Simple=2.2.11
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Cmsmadesimple Cms Made Simple=2.2.10
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
Cmsmadesimple Cms Made Simple<=2.2.10
CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
Cmsmadesimple Cms Made Simple=2.2.10
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
Cmsmadesimple Cms Made Simple=2.2.10
CVE-2019-10106
Cmsmadesimple Cms Made Simple=2.2.10
CVE-2019-9059
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "...
Cmsmadesimple Cms Made Simple<=2.2.8
CVE-2019-9055
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permi...
Cmsmadesimple Cms Made Simple<=2.2.8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203