Cmsmadesimple: >> Cms Made Simple >> 2.2.14 Security Vulnerabilities
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-03-12
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-03-12
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-03-12
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-05-08
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-08
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-06-09
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-09-22
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVSS Score
4.8
EPSS Score
0.005
Published
2021-08-05
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVSS Score
4.8
EPSS Score
0.005
Published
2021-07-26
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
CVSS Score
4.8
EPSS Score
0.005
Published
2021-07-26
Page 1