NotCVE - vendor:"Cmsmadesimple"

Page 11 of 151 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-1000454

https://notcve.org/view.php?id=CVE-2017-1000454

02 Jan 2018 — CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 CMS Made Simple 2.1.6, 2.2 y 2.2.1 es vulnerable a una inyección de plantillas de Smarty en algunos componentes centrales. Esto resulta en la lectura de archivos locales en versiones anteriores a la 2.2 y en la inclusión de archivos locales desde la versión 2.2.1. • https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17734

https://notcve.org/view.php?id=CVE-2017-17734

18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las sesiones. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17735

https://notcve.org/view.php?id=CVE-2017-17735

18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las cookies. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-16798

https://notcve.org/view.php?id=CVE-2017-16798

12 Nov 2017 — In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. En CMS Made Simple 2.2.3.1, la función is_file_acceptable en modules/FileManager/action.upload.php solo bloquea las extensiones de archivo que empiezan o finalizan con una subcadena "php... • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20UPLOAD%20FILE%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-16799

https://notcve.org/view.php?id=CVE-2017-16799

12 Nov 2017 — In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. En CMS Made Simple 2.2.3.1, en modules/New/action.addcategory.php, Cross-Site Scripting (XSS) persistente es posible mediante el parámetro m1_name en admin/moduleinterface.php a la hora de añadir una categoría. Esta es una vulnerabilidad relacionada con CVE-2010-3882. • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 4

CVE-2017-16783 – CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection

https://notcve.org/view.php?id=CVE-2017-16783

10 Nov 2017 — In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. En CMS Made Simple 2.1.6, existe inyección de plantillas del lado del servidor mediante el parámetro cntnt01detailtemplate. CMS Made Simple version 2.1.6 suffers from cross site scripting and server-side template injection vulnerabilities. • https://packetstorm.news/files/id/159690 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16784

https://notcve.org/view.php?id=CVE-2017-16784

10 Nov 2017 — In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. En CMS Made Simple 2.2.2, existe Cross-Site Scripting (XSS) reflejado mediante el parámetro cntnt01detailtemplate. • https://www.netsparker.com/web-applications-advisories/ns-17-031-reflected-xss-vulnerability-in-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11404

https://notcve.org/view.php?id=CVE-2017-11404

18 Jul 2017 — In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción FileManager en el archivo admin/moduleinterface.php. • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11405

https://notcve.org/view.php?id=CVE-2017-11405

18 Jul 2017 — In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción CMSContentManager en el archivo admin/moduleinterface.php, seguido por una acción FilePicker en el archivo admin/mo... • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/filepickerimages/FilePicker_upload_vulnerability.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9668

https://notcve.org/view.php?id=CVE-2017-9668

18 Jun 2017 — In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. En admin\addgroup.php en el gestor de contenidos Made Simple 2.1.6, cuando se añade un nuevo grupo no filtra el XSS resultando en la generación de un Storage-type XSS, mediante el parametro de descripción en la acción de añadir grupo. • https://github.com/XiaoZhis/ProjectSend/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...9 10 11 12 13