Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cms_made_simple
(Cmsmadesimple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 145 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-26 | CVE-2023-43352 | An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | Cms_made_simple | 7.8 | ||
| 2017-05-12 | CVE-2017-8912 | CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. | Cms_made_simple | 7.2 | ||
| 2017-03-24 | CVE-2017-7255 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | Cms_made_simple | 5.4 | ||
| 2017-03-24 | CVE-2017-7256 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | Cms_made_simple | 5.4 | ||
| 2017-03-24 | CVE-2017-7257 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | Cms_made_simple | 5.4 | ||
| 2023-09-25 | CVE-2023-43339 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. | Cms_made_simple | 6.1 | ||
| 2005-09-08 | CVE-2005-2846 | PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. | Cms_made_simple | N/A | ||
| 2008-01-04 | CVE-2007-6656 | SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | Cms_made_simple | N/A | ||
| 2023-09-28 | CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | Cms_made_simple | 5.4 | ||
| 2023-10-19 | CVE-2023-43359 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. | Cms_made_simple | 5.4 |