CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10681
https://notcve.org/view.php?id=CVE-2020-10681
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. Filemanager en CMS Made Simple versión 2.2.13, presenta una vulnerabilidad de tipo XSS almacenado, por medio de un archivo .pxd, como es demostrado por el parámetro m1_files[] en el archivo admin/moduleinterface.php. • http://dev.cmsmadesimple.org/bug/view/12274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17629
https://notcve.org/view.php?id=CVE-2019-17629
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS almacenado por parte de un administrador mediante un nombre de archivo de imagen diseñado en la pantalla "file manager ) upload images". • http://dev.cmsmadesimple.org/bug/view/12146 https://forum.cmsmadesimple.org/viewforum.php?f=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17630
https://notcve.org/view.php?id=CVE-2019-17630
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS almacenado por parte de un administrador mediante un nombre de archivo de imagen diseñado en la pantalla "News ) Add Article". • http://dev.cmsmadesimple.org/bug/view/12149 https://forum.cmsmadesimple.org/viewforum.php?f=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17226
https://notcve.org/view.php?id=CVE-2019-17226
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS por medio del campo Site Admin ) Module Manager ) Search Term. • http://dev.cmsmadesimple.org/bug/view/12148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-11226 – CMS Made Simple 2.2.10 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. CMS Made Simple 2.2.10 tiene XSS a través del parámetro m1_name en "Agregar artículo" en Contenido -> Administrador de contenido -> Noticias. CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/153071/CMS-Made-Simple-2.2.10-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/May/36 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-11226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •