Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cmsmadesimple Subscribe
Total 134 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17735 1 Cmsmadesimple 1 Cms Made Simple 2018-01-04 5.0 MEDIUM 9.8 CRITICAL
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVE-2017-16799 1 Cmsmadesimple 1 Cmsmadesimple 2017-11-27 3.5 LOW 5.4 MEDIUM
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
CVE-2017-16784 1 Cmsmadesimple 1 Cms Made Simple 2017-11-22 4.3 MEDIUM 6.1 MEDIUM
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVE-2008-5642 1 Cmsmadesimple 1 Cms Made Simple 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
CVE-2007-6656 1 Cmsmadesimple 1 Cms Made Simple 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2007-5056 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more 6 Adodb Lite, Cms Made Simple, Journalness and 3 more 2017-09-28 6.8 MEDIUM N/A
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVE-2012-6064 1 Cmsmadesimple 1 Cms Made Simple 2017-08-28 3.5 LOW N/A
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
CVE-2012-5450 1 Cmsmadesimple 1 Cms Made Simple 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.
CVE-2017-8912 1 Cmsmadesimple 1 Cms Made Simple 2017-08-15 6.5 MEDIUM 7.2 HIGH
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."
CVE-2007-2473 1 Cmsmadesimple 1 Cms Made Simple 2017-07-28 7.5 HIGH N/A
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2007-0610 1 Cmsmadesimple 1 Cms Made Simple 2017-07-28 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2017-9668 1 Cmsmadesimple 1 Cms Made Simple 2017-06-22 4.3 MEDIUM 6.1 MEDIUM
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-7255 1 Cmsmadesimple 1 Cms Made Simple 2017-04-04 3.5 LOW 5.4 MEDIUM
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
CVE-2017-7257 1 Cmsmadesimple 1 Cms Made Simple 2017-03-30 3.5 LOW 5.4 MEDIUM
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVE-2017-7256 1 Cmsmadesimple 1 Cms Made Simple 2017-03-30 3.5 LOW 5.4 MEDIUM
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVE-2017-6556 1 Cmsmadesimple 1 Cms Made Simple 2017-03-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
CVE-2017-6555 1 Cmsmadesimple 1 Cms Made Simple 2017-03-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
CVE-2017-6072 1 Cmsmadesimple 2 Cms Made Simple, Form Builder 2017-02-23 5.0 MEDIUM 5.3 MEDIUM
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
CVE-2017-6070 1 Cmsmadesimple 2 Cms Made Simple, Form Builder 2017-02-23 7.5 HIGH 9.8 CRITICAL
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
CVE-2016-7904 1 Cmsmadesimple 1 Cms Made Simple 2017-01-27 6.0 MEDIUM 8.0 HIGH
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.