Product: Cms_made_simple (Cmsmadesimple)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 151

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-25 | CVE-2025-5153 | A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | Cms_made_simple | 4.8 | | |
| 2024-03-12 | CVE-2024-1527 | Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell. | Cms_made_simple | 8.8 | | |
| 2024-03-12 | CVE-2024-1528 | CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. | Cms_made_simple | 6.1 | | |
| 2024-03-12 | CVE-2024-1529 | Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session. | Cms_made_simple | 6.1 | | |
| 2023-05-08 | CVE-2021-28998 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | Cms_made_simple | 7.2 | | |
| 2023-05-08 | CVE-2021-28999 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | Cms_made_simple | 8.8 | | |
| 2020-05-28 | CVE-2020-13660 | CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. | Cms_made_simple | 4.8 | | |
| 2020-06-19 | CVE-2020-14926 | CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | Cms_made_simple | 5.4 | | |
| 2020-08-14 | CVE-2020-17462 | CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | Cms_made_simple | 7.8 | | |
| 2020-09-30 | CVE-2020-22842 | CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | Cms_made_simple | 5.4 | | |