Filtered by vendor Cmsmadesimple
Subscribe
Search
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10032 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. | |||||
| CVE-2018-8058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-03-29 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | |||||
| CVE-2018-7893 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-03-29 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | |||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | |||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | |||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | |||||
| CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||||
| CVE-2017-7255 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-04-05 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||||
| CVE-2017-7256 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-31 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||||
| CVE-2017-7257 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-31 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||||
| CVE-2017-6556 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | |||||
| CVE-2017-6555 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | |||||
| CVE-2017-6072 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2017-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | |||||