Cmsmadesimple: >> Cms Made Simple >> 0.10.1 Security Vulnerabilities
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-01-02
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
CVSS Score
7.8
EPSS Score
0.002
Published
2018-01-02
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-02-21
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-02-21
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-02-21