Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cms_made_simple
(Cmsmadesimple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 151 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-17 | CVE-2020-20138 | Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. | Cms_made_simple | 6.1 | ||
| 2021-03-30 | CVE-2021-28935 | CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. | Cms_made_simple | 5.4 | ||
| 2021-06-01 | CVE-2020-27377 | A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. | Cms_made_simple | 4.8 | ||
| 2021-07-02 | CVE-2020-36408 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36409 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36410 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36411 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36412 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36413 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module. | Cms_made_simple | 5.4 | ||
| 2021-07-02 | CVE-2020-36414 | A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. | Cms_made_simple | 5.4 |