Cmsmadesimple Cms Made Simple — known CVE vulnerabilities
Every CVE whose affected-product data names Cmsmadesimple Cms Made Simple, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (154)
CVE-2010-4663 — CVSS 10.0 (critical): Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.
CVE-2018-10085 — CVSS 9.8 (critical): CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of…
CVE-2017-6070 — CVSS 9.8 (critical): CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_t…
CVE-2017-16783 — CVSS 9.8 (critical): In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-1000453 — CVSS 9.8 (critical): CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP…
CVE-2024-1527 — CVSS 9.8 (critical): Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to…
CVE-2018-10081 — CVSS 9.8 (critical): CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as…
CVE-2018-1000092 — CVSS 8.8 (high): CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in…
CVE-2019-9693 — CVSS 8.8 (high): In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions…
CVE-2019-9055 — CVSS 8.8 (high): An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and…
CVE-2023-36969 — CVSS 8.8 (high): CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
CVE-2019-9056 — CVSS 8.8 (high): An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or…
CVE-2021-28999 — CVSS 8.8 (high): SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby…
CVE-2021-40961 — CVSS 8.8 (high): CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated…
CVE-2019-9057 — CVSS 8.8 (high): An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted…
CVE-2018-10519 — CVSS 8.8 (high): CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid…
CVE-2018-10084 — CVSS 8.8 (high): CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the…
CVE-2019-9061 — CVSS 8.8 (high): An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to…
CVE-2018-1000158 — CVSS 8.8 (high): cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url =…
CVE-2019-9053 — CVSS 8.1 (high): An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated…
CVE-2016-7904 — CVSS 8.0 (high): Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of…
CVE-2020-10682 — CVSS 7.8 (high): The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to…
CVE-2023-43352 — CVSS 7.8 (high): An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu…
CVE-2017-1000454 — CVSS 7.8 (high): CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before…
CVE-2020-17462 — CVSS 7.8 (high): CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to…
CVE-2010-2797 — CVSS 7.5 (high): Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and…
CVE-2018-7448 — CVSS 7.5 (high): Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to…
CVE-2018-10083 — CVSS 7.5 (high): CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal…
CVE-2007-2473 — CVSS 7.5 (high): SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL…
CVE-2019-9060 — CVSS 7.5 (high): An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in…
CVE-2007-6656 — CVSS 7.5 (high): SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to…
CVE-2005-2846 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP…
CVE-2007-0551 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code…
CVE-2024-1529 — CVSS 7.4 (high): Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting…
CVE-2024-1528 — CVSS 7.4 (high): CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability…
CVE-2021-28998 — CVSS 7.2 (high): File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar…
CVE-2017-8912 — CVSS 7.2 (high): CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to…
CVE-2018-1000094 — CVSS 7.2 (high): CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated…
CVE-2024-27622 — CVSS 7.2 (high): A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This…
CVE-2019-9059 — CVSS 7.2 (high): An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying…
CVE-2019-9058 — CVSS 7.2 (high): An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted…
CVE-2018-10086 — CVSS 7.2 (high): CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation…
CVE-2018-10515 — CVSS 7.2 (high): In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability…
CVE-2018-10517 — CVSS 7.2 (high): In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution…
CVE-2022-23906 — CVSS 7.2 (high): CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This…
CVE-2006-6844 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject…
CVE-2006-6845 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or…
CVE-2010-3883 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote…
CVE-2012-5450 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier…
CVE-2007-0610 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web…
CVE-2007-5056 — CVSS 6.8 (medium): Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple…
CVE-2010-3884 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication…
CVE-2018-10518 — CVSS 6.5 (medium): In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion…
CVE-2018-10520 — CVSS 6.5 (medium): In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion…
CVE-2019-9692 — CVSS 6.5 (medium): class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file…
CVE-2018-10516 — CVSS 6.5 (medium): In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure…
CVE-2007-5441 — CVSS 6.5 (medium): CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to…
CVE-2021-43154 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in…
CVE-2017-9668 — CVSS 6.1 (medium): In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS…
CVE-2018-18270 — CVSS 6.1 (medium): XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article"…
CVE-2018-18271 — CVSS 6.1 (medium): XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article"…
CVE-2022-23907 — CVSS 6.1 (medium): CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
CVE-2018-20464 — CVSS 6.1 (medium): There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to…
CVE-2020-20138 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
CVE-2023-43339 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload…
CVE-2014-2245 — CVSS 6.0 (medium): SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify…
CVE-2024-27623 — CVSS 5.9 (medium): CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager…
CVE-2020-23481 — CVSS 5.4 (medium): CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web…
CVE-2017-16798 — CVSS 5.4 (medium): In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin…
CVE-2017-6555 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject…
CVE-2017-6556 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script…
CVE-2017-7255 — CVSS 5.4 (medium): XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to…
CVE-2017-7256 — CVSS 5.4 (medium): XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to…
CVE-2017-7257 — CVSS 5.4 (medium): XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to…
CVE-2019-10017 — CVSS 5.4 (medium): CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File…
CVE-2019-10105 — CVSS 5.4 (medium): CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new…
CVE-2019-10106 — CVSS 5.4 (medium): CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin…
CVE-2019-10107 — CVSS 5.4 (medium): CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account"…
CVE-2019-11226 — CVSS 5.4 (medium): CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVE-2020-10681 — CVSS 5.4 (medium): The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
CVE-2020-14926 — CVSS 5.4 (medium): CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
CVE-2020-22842 — CVSS 5.4 (medium): CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
CVE-2020-24860 — CVSS 5.4 (medium): CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in…
CVE-2020-36408 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36409 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36410 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36411 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36412 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36413 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36414 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36415 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2020-36416 — CVSS 5.4 (medium): A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or…
CVE-2021-28935 — CVSS 5.4 (medium): CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences >…
CVE-2023-36970 — CVSS 5.4 (medium): A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2023-43353 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43354 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43355 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43356 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43357 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43358 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43359 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43360 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-43872 — CVSS 5.4 (medium): A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2017-6071 — CVSS 5.3 (medium): CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via…
CVE-2018-9921 — CVSS 5.3 (medium): In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the…
CVE-2017-6072 — CVSS 5.3 (medium): CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via…
CVE-2018-10082 — CVSS 5.3 (medium): CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with…
CVE-2018-10523 — CVSS 5.3 (medium): CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.ph…
CVE-2011-3718 — CVSS 5.0 (medium): CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals…
CVE-2008-5642 — CVSS 5.0 (medium): Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot…
CVE-2007-5444 — CVSS 5.0 (medium): CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
CVE-2018-10522 — CVSS 4.9 (medium): In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure…
CVE-2017-11405 — CVSS 4.9 (medium): In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to…
CVE-2017-11404 — CVSS 4.9 (medium): In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to…
CVE-2020-23241 — CVSS 4.8 (medium): Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
CVE-2020-23240 — CVSS 4.8 (medium): Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVE-2020-27377 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14…
CVE-2024-27625 — CVSS 4.8 (medium): CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the…
CVE-2018-5964 — CVSS 4.8 (medium): CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVE-2019-17629 — CVSS 4.8 (medium): CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVE-2019-17630 — CVSS 4.8 (medium): CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVE-2018-10032 — CVSS 4.8 (medium): CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVE-2018-10029 — CVSS 4.8 (medium): CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a…
CVE-2016-2784 — CVSS 4.7 (medium): CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning…
CVE-2010-3882 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web…
CVE-2005-3083 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or…
CVE-2005-2392 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script…
CVE-2012-1992 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject…
CVE-2010-1482 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote…
CVE-2007-5443 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or…
CVE-2014-2092 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers…
CVE-2013-4167 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or…
CVE-2007-5442 — CVSS 3.5 (low): CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to…
CVE-2012-6064 — CVSS 3.5 (low): Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote…
CVE-2025-5153 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing…
CVE-2014-0334 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or…
CVE-2018-10521 — CVSS 2.7 (low): In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement…
CVE-2013-3929 — CVSS 2.1 (low): Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with…