CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000092
https://notcve.org/view.php?id=CVE-2018-1000092
13 Mar 2018 — CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. CMS Made Simple, versión 2.2.5, contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la página de perfil de Administrador, cuyos detalles pueden encontrarse aquí... • http://dev.cmsmadesimple.org/bug/view/11715 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 56%CPEs: 1EXPL: 4CVE-2018-1000094 – CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-1000094
13 Mar 2018 — CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. CMS Made Simple 2.2.5 contiene una vulnerabilidad de ejecución remota de código en File Manager que podría permitir que un administrador autenticado con acceso al gestor de archivos ejecute código en el servidor. El ataque p... • https://packetstorm.news/files/id/148622 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7893
https://notcve.org/view.php?id=CVE-2018-7893
12 Mar 2018 — CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. CMS Made Simple (CMSMS) 2.2.6 tiene Cross-Site Scripting (XSS) persistente en admin/moduleinterface.php mediante el parámetro metadata. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-8058
https://notcve.org/view.php?id=CVE-2018-8058
12 Mar 2018 — CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. CMS Made Simple (CMSMS) 2.2.6 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php mediante el parámetro pagedata. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5963 – CMS Made Simple 2.2.5 Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5963
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/addbookmark.php a través del parámetro title. CMS Made Simple version 2.2.5 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/146033/CMS-Made-Simple-2.2.5-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-5964 – CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5964
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_messages. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146034/CMS-Made-Simple-2.2.5-moduleinterface.php-title-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5965 – CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5965
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_errors. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146035/CMS-Made-Simple-2.2.5-moduleinterface.php-m1_errors-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17734
https://notcve.org/view.php?id=CVE-2017-17734
18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las sesiones. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17735
https://notcve.org/view.php?id=CVE-2017-17735
18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las cookies. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16798
https://notcve.org/view.php?id=CVE-2017-16798
12 Nov 2017 — In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. En CMS Made Simple 2.2.3.1, la función is_file_acceptable en modules/FileManager/action.upload.php solo bloquea las extensiones de archivo que empiezan o finalizan con una subcadena "php... • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20UPLOAD%20FILE%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •