RSS   Vulnerabilities for 'Cmsmadesimple'   RSS

2017-11-12
 
CVE-2017-16799

CWE-79
 

 
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.

 
 
CVE-2017-16798

CWE-79
 

 
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.

 

 >>> Vendor: Cmsmadesimple 3 Products
Cms made simple
Form builder
Cmsmadesimple


Copyright 2018, cxsecurity.com

 

Back to Top