Cms_made_simple - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cms_made_simple
(Cmsmadesimple)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	151

Date	Id	Summary	Products	Score	Patch	Annotated
2021-07-02	CVE-2020-36414	A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.	Cms_made_simple	5.4
2021-07-02	CVE-2020-36415	A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.	Cms_made_simple	5.4
2021-07-02	CVE-2020-36416	A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.	Cms_made_simple	5.4
2021-07-26	CVE-2020-23240	Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.	Cms_made_simple	4.8
2021-07-26	CVE-2020-23241	Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.	Cms_made_simple	4.8
2021-08-05	CVE-2020-22732	CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..	Cms_made_simple	4.8
2021-09-22	CVE-2020-23481	CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.	Cms_made_simple	5.4
2022-02-28	CVE-2022-23906	CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.	Cms_made_simple	7.2
2022-02-28	CVE-2022-23907	CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.	Cms_made_simple	6.1
2022-04-13	CVE-2021-43154	Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.	Cms_made_simple	6.1