Cmsmadesimple: >> Cms Made Simple Security Vulnerabilities
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-26
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-10-16
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-10-16
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-10-06
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-06-05
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-04-25
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
CVSS Score
8.8
EPSS Score
0.013
Published
2019-04-11
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-26
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-26
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-26