CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1529 – Cross-site Scripting in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1529
12 Mar 2024 — Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session. Vulnerabilidad en CMS Made Simple 2.2.14, que no codifica suficientemente la entrada controlada por el usuario, lo que resulta en una vul... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1528 – Cross-site Scripting in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1528
12 Mar 2024 — CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. CMS Made Simple versión 2.2.14 no codifica suficientemente la entrada controlada por el usuario, lo que genera una vulnerabilidad de Cross Site Scr... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1527 – Unrestricted Upload of File with Dangerous Type in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1527
12 Mar 2024 — Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell. Vulnerabilidad de carga de archivos sin restricciones en CMS Made Simple, que afecta a la versión 2.2.14. Esta vulnerabilidad permite a un usuario autenticado eludir las medidas de seguridad de la funcionalidad de carga y potencialmente crear una ejec... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43352
https://notcve.org/view.php?id=CVE-2023-43352
26 Oct 2023 — An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. Un problema en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado en el componente Content Manager Menu. • https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43360
https://notcve.org/view.php?id=CVE-2023-43360
24 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. Una vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Top Directory en el componente File Picker Menu. • https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43358
https://notcve.org/view.php?id=CVE-2023-43358
23 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Título en el componente Menú de noticias. • https://github.com/sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43356
https://notcve.org/view.php?id=CVE-2023-43356
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para el parámetro Global Meatadata en el componente del Global Settings Menu. • https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43357
https://notcve.org/view.php?id=CVE-2023-43357
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Title en el componente Manage Shortcuts. • https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43353
https://notcve.org/view.php?id=CVE-2023-43353
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para el parámetro adicional en el componente del menú de noticias. • https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43354
https://notcve.org/view.php?id=CVE-2023-43354
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. Vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Profiles en el componente del editor Extensions -MicroTiny WYSIWYG. • https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •