Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  >> Cms Made Simple  >> 2.1.6  Security Vulnerabilities
CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24
CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24
CVE-2017-7257
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-24
CVE-2017-6555
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-09
CVE-2017-6556
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-09
CVE-2014-0334
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CVSS Score
3.5
EPSS Score
0.006
Published
2014-03-02
CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVSS Score
6.8
EPSS Score
0.703
Published
2007-09-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved