
CVE-2018-10033
https://notcve.org/view.php?id=CVE-2018-10033
11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-1000092
https://notcve.org/view.php?id=CVE-2018-1000092
13 Mar 2018 — CMS Made Simple version 2.2.5 contains a Cross Site Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. • http://dev.cmsmadesimple.org/bug/view/11715 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-1000094 – CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-1000094
13 Mar 2018 — CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that allows an authenticated admin who has access to the file manager to execute code on the server. This attack appears to be exploitable via File upload -> copy to any extension. • https://packetstorm.news/files/id/148622 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-7893
https://notcve.org/view.php?id=CVE-2018-7893
12 Mar 2018 — CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-8058
https://notcve.org/view.php?id=CVE-2018-8058
12 Mar 2018 — CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-7448 – CMS Made Simple 2.1.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-7448
26 Feb 2018 — Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. CMS Made Simple version... • https://packetstorm.news/files/id/146568 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-5963 – CMS Made Simple 2.2.5 Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5963
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. CMS Made Simple version 2.2.5 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/146033/CMS-Made-Simple-2.2.5-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-5964 – CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5964
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146034/CMS-Made-Simple-2.2.5-moduleinterface.php-title-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-5965 – CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5965
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146035/CMS-Made-Simple-2.2.5-moduleinterface.php-m1_errors-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-1000453
https://notcve.org/view.php?id=CVE-2017-1000453
02 Jan 2018 — CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. • https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')