Cmsmadesimple: >> Cms Made Simple Security Vulnerabilities
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVSS Score
4.8
EPSS Score
0.005
Published
2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVSS Score
4.8
EPSS Score
0.005
Published
2018-01-25
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-01-02
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
CVSS Score
7.8
EPSS Score
0.002
Published
2018-01-02
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-12
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVSS Score
9.8
EPSS Score
0.169
Published
2017-11-10
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-10