Vulnerabilities
Vulnerable Software
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-01-02
CMS Made Simple 2.1.6, 2.2, and 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-01-02
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-18
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-10
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.
CVSS Score
4.9
EPSS Score
0.002
Published
2017-07-18
In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.
CVSS Score
4.9
EPSS Score
0.002
Published
2017-07-18
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CVSS Score
3.5
EPSS Score
0.006
Published
2014-03-02

