CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11513
https://notcve.org/view.php?id=CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. El Administrador de Archivos en el CMS Made Simple, hasta la versión 2.2.10, es vulnerable a un XSS reflejado a través del campo "Nuevo nombre" en una acción Renombrar. • http://dev.cmsmadesimple.org/bug/view/12022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9056
https://notcve.org/view.php?id=CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. Se detecto un problema en CMS Made Simple versión 2.2.8. En el módulo FrontEndUsers (en el archivo class.FrontEndUsersManipulate.php o class.FrontEndUsersManipulator.php), es posible lograr una llamada no serializada con una cookie no confiable __FEU__ , y conseguir una inyección de objeto autenticada. • https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10107
https://notcve.org/view.php?id=CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. CMS Made Simple 2.2.10 tiene Cross-Site Scripting (XSS) mediante el campo "Email Address" en myaccount.php, que es alcanzable mediante la sección "My Preferences -> My Account". • http://dev.cmsmadesimple.org/bug/view/12003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10106
https://notcve.org/view.php?id=CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. CMS Made Simple 2.2.10 tiene Cross-Site Scripting (XSS) mediante el campo "Name" en moduleinterface.php, que es alcanzable mediante la acción "Add Category" en la sección "Site Admin Settings - News module". • http://dev.cmsmadesimple.org/bug/view/12004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10105
https://notcve.org/view.php?id=CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. CMS Made Simple 2.2.10 tiene una vulnerabilidad de auto Cross-Site Scripting (XSS) mediante el campo Name del Gestor de Diseño de Distribución, que es alcanzable mediante la acción "Create a new Template" en el Gestor de Diseño. • http://dev.cmsmadesimple.org/bug/view/12002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •