Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  >> Cms Made Simple  Security Vulnerabilities
CVE-2023-43353
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-20
CVE-2023-43354
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-20
CVE-2023-43355
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-10-20
CVE-2023-43356
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-10-20
CVE-2023-43357
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-10-20
CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-19
CVE-2023-43872
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.006
Published
2023-09-28
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-25
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-06
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
CVSS Score
8.8
EPSS Score
0.659
Published
2023-07-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved