Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  >> Cms Made Simple  Security Vulnerabilities
CVE-2020-27377
A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-06-01
CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-30
CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-12-17
CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-10-01
CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-09-30
CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-08-14
CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-19
CVE-2020-13660
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-05-28
CVE-2020-10682
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
CVSS Score
7.8
EPSS Score
0.019
Published
2020-03-20
CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-03-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved