Filtered by vendor Cmsmadesimple
Subscribe
Total
134 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17735 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-01-04 | 5.0 MEDIUM | 9.8 CRITICAL |
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |||||
CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||
CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
CVE-2008-5642 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. | |||||
CVE-2007-6656 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2017-09-28 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | |||||
CVE-2012-6064 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-28 | 3.5 LOW | N/A |
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files. | |||||
CVE-2012-5450 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | |||||
CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-08-15 | 6.5 MEDIUM | 7.2 HIGH |
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." | |||||
CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||||
CVE-2017-7255 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-04-04 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||||
CVE-2017-7257 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-30 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||||
CVE-2017-7256 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-30 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||||
CVE-2017-6556 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-17 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | |||||
CVE-2017-6555 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-03-17 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | |||||
CVE-2017-6072 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2017-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | |||||
CVE-2017-6070 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | |||||
CVE-2016-7904 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-01-27 | 6.0 MEDIUM | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. |