Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cmsmadesimple Subscribe
Filtered by product Cms Made Simple
Total 147 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17734 1 Cmsmadesimple 1 Cms Made Simple 2018-01-04 5.0 MEDIUM 9.8 CRITICAL
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
CVE-2017-16784 1 Cmsmadesimple 1 Cms Made Simple 2017-11-22 4.3 MEDIUM 6.1 MEDIUM
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
CVE-2008-5642 1 Cmsmadesimple 1 Cms Made Simple 2017-09-29 5.0 MEDIUM N/A
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
CVE-2007-5056 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more 6 Adodb Lite, Cms Made Simple, Journalness and 3 more 2017-09-29 6.8 MEDIUM N/A
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVE-2012-6064 1 Cmsmadesimple 1 Cms Made Simple 2017-08-29 3.5 LOW N/A
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
CVE-2012-5450 1 Cmsmadesimple 1 Cms Made Simple 2017-08-29 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter.
CVE-2007-2473 1 Cmsmadesimple 1 Cms Made Simple 2017-07-29 7.5 HIGH N/A
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2007-0610 1 Cmsmadesimple 1 Cms Made Simple 2017-07-29 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2017-9668 1 Cmsmadesimple 1 Cms Made Simple 2017-06-22 4.3 MEDIUM 6.1 MEDIUM
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-6556 1 Cmsmadesimple 1 Cms Made Simple 2017-03-18 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
CVE-2017-6555 1 Cmsmadesimple 1 Cms Made Simple 2017-03-18 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
CVE-2017-6072 1 Cmsmadesimple 2 Cms Made Simple, Form Builder 2017-02-23 5.0 MEDIUM 5.3 MEDIUM
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
CVE-2017-6070 1 Cmsmadesimple 2 Cms Made Simple, Form Builder 2017-02-23 7.5 HIGH 9.8 CRITICAL
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
CVE-2016-7904 1 Cmsmadesimple 1 Cms Made Simple 2017-01-27 6.0 MEDIUM 8.0 HIGH
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
CVE-2005-3083 1 Cmsmadesimple 1 Cms Made Simple 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2014-2092 1 Cmsmadesimple 1 Cms Made Simple 2015-08-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
CVE-2014-0334 1 Cmsmadesimple 1 Cms Made Simple 2015-07-24 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CVE-2014-2245 1 Cmsmadesimple 1 Cms Made Simple 2014-03-07 6.0 MEDIUM N/A
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
CVE-2013-3929 1 Cmsmadesimple 1 Cms Made Simple 2013-12-10 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.
CVE-2013-4167 1 Cmsmadesimple 1 Cms Made Simple 2013-10-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.