Cms_made_simple - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cms_made_simple
(Cmsmadesimple)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	145

Date	Id	Summary	Products	Score	Patch	Annotated
2023-10-25	CVE-2023-43360	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.	Cms_made_simple	5.4
2023-10-23	CVE-2023-43358	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.	Cms_made_simple	5.4
2023-10-20	CVE-2023-43354	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.	Cms_made_simple	5.4
2023-10-20	CVE-2023-43353	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.	Cms_made_simple	5.4
2023-10-20	CVE-2023-43355	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.	Cms_made_simple	5.4
2023-10-20	CVE-2023-43356	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.	Cms_made_simple	5.4
2023-10-20	CVE-2023-43357	Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.	Cms_made_simple	5.4
2023-07-06	CVE-2023-36969	CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.	Cms_made_simple	8.8
2023-07-06	CVE-2023-36970	A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.	Cms_made_simple	5.4
2023-05-08	CVE-2021-28999	SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.	Cms_made_simple	8.8