Cms Made Simple CVEs and Security Vulnerabilities

Filtered by vendor Cmsmadesimple Subscriptions

Filtered by product Cms Made Simple Subscriptions

Search

Switch to Advanced Search (Beta)

Total 150 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-1527	1 Cmsmadesimple	1 Cms Made Simple	2025-02-26	9.8 Critical
Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.
CVE-2024-1528	1 Cmsmadesimple	1 Cms Made Simple	2025-02-26	7.4 High
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
CVE-2024-1529	1 Cmsmadesimple	1 Cms Made Simple	2025-02-26	7.4 High
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.
CVE-2021-28999	1 Cmsmadesimple	1 Cms Made Simple	2025-01-29	8.8 High
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVE-2021-28998	1 Cmsmadesimple	1 Cms Made Simple	2025-01-29	7.2 High
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
CVE-2023-43872	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2023-43360	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVE-2023-43359	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVE-2023-43358	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVE-2023-43357	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVE-2023-43356	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
CVE-2023-43355	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVE-2023-43354	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
CVE-2023-43353	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVE-2023-43352	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	7.8 High
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVE-2023-43339	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	6.1 Medium
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
CVE-2023-36970	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	5.4 Medium
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
CVE-2023-36969	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	8.8 High
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
CVE-2022-23907	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	6.1 Medium
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
CVE-2022-23906	1 Cmsmadesimple	1 Cms Made Simple	2024-11-21	7.2 High
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

Page 1 of 8. next last »