Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cms_made_simple
(Cmsmadesimple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 151 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-18 | CVE-2017-9668 | In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | Cms_made_simple | 6.1 | ||
| 2017-03-09 | CVE-2017-6556 | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | Cms_made_simple | 5.4 | ||
| 2017-03-09 | CVE-2017-6555 | Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | Cms_made_simple | 5.4 | ||
| 2017-02-21 | CVE-2017-6072 | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | Cms_made_simple, Form_builder | 5.3 | ||
| 2017-02-21 | CVE-2017-6070 | CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | Cms_made_simple, Form_builder | 9.8 | ||
| 2017-12-18 | CVE-2017-17735 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | Cms_made_simple | 9.8 | ||
| 2017-12-18 | CVE-2017-17734 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | Cms_made_simple | 9.8 | ||
| 2017-11-10 | CVE-2017-16784 | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | Cms_made_simple | 6.1 | ||
| 2018-01-02 | CVE-2017-1000454 | CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | Cms_made_simple | 7.8 | ||
| 2018-01-02 | CVE-2017-1000453 | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. | Cms_made_simple | 9.8 |