Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cms_made_simple
(Cmsmadesimple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 151 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-26 | CVE-2018-7448 | Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | Cms_made_simple | 7.5 | ||
| 2018-01-25 | CVE-2018-5965 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | Cms_made_simple | 4.8 | ||
| 2018-01-25 | CVE-2018-5964 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | Cms_made_simple | 4.8 | ||
| 2018-01-25 | CVE-2018-5963 | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | Cms_made_simple | 4.8 | ||
| 2018-12-25 | CVE-2018-20464 | There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | Cms_made_simple | 6.1 | ||
| 2018-12-19 | CVE-2018-19597 | CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | Cms_made_simple | 4.8 | ||
| 2018-10-12 | CVE-2018-18271 | XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | Cms_made_simple | 6.1 | ||
| 2018-10-12 | CVE-2018-18270 | XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | Cms_made_simple | 6.1 | ||
| 2018-04-27 | CVE-2018-10523 | CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php. | Cms_made_simple | 5.3 | ||
| 2018-04-27 | CVE-2018-10522 | In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function. | Cms_made_simple | 4.9 |