RSS   Podatności dla 'Cms made simple'   RSS

2022-06-09
 
CVE-2021-40961

CWE-89
 

 
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

 
2022-04-13
 
CVE-2021-43154

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

 
2022-02-28
 
CVE-2022-23906

CWE-434
 

 
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

 
 
CVE-2022-23907

CWE-79
 

 
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

 
2021-09-22
 
CVE-2020-23481

CWE-79
 

 
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

 
2021-08-05
 
CVE-2020-22732

CWE-79
 

 
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..

 
2021-07-26
 
CVE-2020-23240

CWE-79
 

 
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

 
 
CVE-2020-23241

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.

 
2021-07-02
 
CVE-2020-36408

CWE-79
 

 
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.

 
 
CVE-2020-36409

CWE-79
 

 
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.

 


Copyright 2024, cxsecurity.com

 

Back to Top