Shodan
Vulnerabilities
Vulnerable Software
Cmsmadesimple:  Security Vulnerabilities
CVE-2011-4310
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-26
CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-10-16
CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-10-16
CVE-2019-17226
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-10-06
CVE-2019-1010290
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
CVSS Score
6.1
EPSS Score
0.302
Published
2019-07-16
CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-06-05
CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-04-25
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-04-11
CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-26
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved