Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  Security Vulnerabilities
CVE-2017-16799
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-12
CVE-2017-16783
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVSS Score
9.8
EPSS Score
0.099
Published
2017-11-10
CVE-2017-16784
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-10
CVE-2017-11404
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVSS Score
4.9
EPSS Score
0.002
Published
2017-07-18
CVE-2017-11405
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
CVSS Score
4.9
EPSS Score
0.002
Published
2017-07-18
CVE-2017-9668
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-18
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
CVSS Score
7.2
EPSS Score
0.037
Published
2017-05-12
CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24
CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24
CVE-2017-7257
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved