CVSS: 9.0EPSS: 40%CPEs: 1EXPL: 2CVE-2023-36969 – CMS Made Simple 2.2.21 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-36969
06 Jul 2023 — CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. CMS Made Simple versions 2.2.21 and below allow an authenticated administrator to upload files with the .phar or .phtml extensions, enabling execution of PHP code leading to remote code execution. • https://packetstorm.news/files/id/190114 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36970
https://notcve.org/view.php?id=CVE-2023-36970
06 Jul 2023 — A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. • https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
27 Jul 2005 — Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html •