CVE-2020-22842
https://notcve.org/view.php?id=CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. CMS Made Simple versiones anteriores a 2.2.15, permite un ataque de tipo XSS por medio del parámetro m1_mod en una acción ModuleManager en la función local_uninstall en archivo admin/moduleinterface.php • http://dev.cmsmadesimple.org/bug/view/12291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13660
https://notcve.org/view.php?id=CVE-2020-13660
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. CMS Made Simple versiones hasta 2.2.14, permite un ataque de tipo XSS por medio de un nombre de perfil de File Picker. • http://dev.cmsmadesimple.org/bug/view/12312 https://www.youtube.com/watch?v=Q6RMhmpScho • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4310
https://notcve.org/view.php?id=CVE-2011-4310
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. El módulo de noticias en CMSMS versiones anteriores a la versión 1.9.4.3, permite a atacantes remotos corromper nuevos artículos. • https://www.cmsmadesimple.org/2011/08/Announcing-CMSMS-1-9-4-3---Security-Release • CWE-20: Improper Input Validation •
CVE-2019-11226 – CMS Made Simple 2.2.10 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. CMS Made Simple 2.2.10 tiene XSS a través del parámetro m1_name en "Agregar artículo" en Contenido -> Administrador de contenido -> Noticias. CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/153071/CMS-Made-Simple-2.2.10-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/May/36 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-11226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-11513
https://notcve.org/view.php?id=CVE-2019-11513
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. El Administrador de Archivos en el CMS Made Simple, hasta la versión 2.2.10, es vulnerable a un XSS reflejado a través del campo "Nuevo nombre" en una acción Renombrar. • http://dev.cmsmadesimple.org/bug/view/12022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •