Shodan
Vulnerabilities
Vulnerable Software
Cmsimple:  >> Cmsimple  Security Vulnerabilities
CVE-2024-33424
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-01
CVE-2024-32392
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component.
CVSS Score
4.5
EPSS Score
0.002
Published
2024-04-19
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32345
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-04-17
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.114
Published
2022-04-13
CVE-2021-43742
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-13
CVE-2018-19507
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-19
CVE-2018-19508
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-19
CVE-2008-2650
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
CVSS Score
6.8
EPSS Score
0.016
Published
2008-06-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved